Windows Analysis Report
MacAttack.exe

Overview

General Information

Sample name: MacAttack.exe
Analysis ID: 1575559
MD5: a2424a73630fc4ff422fcc9809707079
SHA1: 9f4ff302aecfbed299aa55f1616539f4f49de257
SHA256: 6b8be3ebc7286c0b5b954ce66c77b852806fe12e7020ffcc312f2cf533b7fbf2

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • MacAttack.exe (PID: 5848 cmdline: "C:\Users\user\Desktop\MacAttack.exe" MD5: A2424A73630FC4FF422FCC9809707079)
    • MacAttack.exe (PID: 6248 cmdline: "C:\Users\user\Desktop\MacAttack.exe" MD5: A2424A73630FC4FF422FCC9809707079)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: MacAttack.exe, Virustotal: Detection: 9%
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1550 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFD937E1550
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E42F0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD937E42F0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E23CE EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFD937E23CE
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD93844350 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFD93844350
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E2301 ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFD937E2301
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E15DC CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD937E15DC
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD938422D2 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFD938422D2
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD938061E0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD938061E0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD93830200 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFD93830200
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFD937E1389
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1F46 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFD937E1F46
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD93824240 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FFD93824240
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937F2170 CRYPTO_THREAD_run_once,2_2_00007FFD937F2170
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD9380E1D4 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,CRYPTO_set_ex_data,CRYPTO_set_ex_data,2_2_00007FFD9380E1D4
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E23DD CRYPTO_free,CRYPTO_memdup,2_2_00007FFD937E23DD
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1447 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FFD937E1447
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1140 CRYPTO_free,2_2_00007FFD937E1140
Source: MacAttack.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: MacAttack.exe, 00000000.00000003.2141928297.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconusers\qsvgicon.pdb source: MacAttack.exe, 00000000.00000003.2139760546.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_bz2.pdb source: MacAttack.exe, 00000002.00000002.2315579663.00007FFDA5B84000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: MacAttack.exe, 00000000.00000003.2109531213.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2315342051.00007FFDA4DA3000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: MacAttack.exe, 00000000.00000003.2139450413.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libssl-3-x64.pdbCC source: MacAttack.exe, 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: ucrtbase.pdb source: MacAttack.exe, 00000002.00000002.2313439949.00007FFDA37C8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: MacAttack.exe, 00000002.00000002.2306928706.00007FFD93DC6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: MacAttack.exe, 00000002.00000002.2303723346.00007FFD93905000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: MacAttack.exe, 00000000.00000003.2141928297.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: MacAttack.exe, 00000000.00000003.2140721818.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libssl-3-x64.pdb source: MacAttack.exe, 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_wmi.pdb source: MacAttack.exe, 00000002.00000002.2313982966.00007FFDA3AE4000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: ucrtbase.pdbOGPS source: MacAttack.exe, 00000002.00000002.2313439949.00007FFDA37C8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libcrypto-3-x64.pdb source: MacAttack.exe, 00000002.00000002.2301045819.00007FFD93086000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: compiler: cl.exe /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: MacAttack.exe, 00000002.00000002.2301045819.00007FFD93000000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\select.pdb source: MacAttack.exe, 00000002.00000002.2314582293.00007FFDA3FD3000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MacAttack.exe, 00000002.00000002.2315121381.00007FFDA46E4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: MacAttack.exe, 00000002.00000002.2315121381.00007FFDA46E4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: MacAttack.exe, 00000000.00000003.2121933009.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2314988948.00007FFDA4635000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_hashlib.pdb source: MacAttack.exe, 00000002.00000002.2314462900.00007FFDA3EB6000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\b\abs_408t8wz0h8\croot\xz_1714514706366\work\windows\vs2017\Release\x64\liblzma_dll\liblzma.pdbcc source: MacAttack.exe, 00000002.00000002.2313085583.00007FFDA36B8000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_wmi.pdb&&%GCTL source: MacAttack.exe, 00000002.00000002.2313982966.00007FFDA3AE4000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\python312.pdb source: MacAttack.exe, 00000002.00000002.2310296347.00007FFD94684000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_ssl.pdb source: MacAttack.exe, 00000002.00000002.2312568840.00007FFDA363E000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\unicodedata.pdb source: MacAttack.exe, 00000002.00000002.2301915484.00007FFD93660000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_lzma.pdb source: MacAttack.exe, 00000002.00000002.2315459720.00007FFDA5495000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: MacAttack.exe, 00000002.00000002.2306928706.00007FFD93DC6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_socket.pdb source: MacAttack.exe, 00000002.00000002.2314698500.00007FFDA4169000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\python3.pdb source: MacAttack.exe, 00000002.00000002.2292000388.0000024A3EB80000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\b\abs_408t8wz0h8\croot\xz_1714514706366\work\windows\vs2017\Release\x64\liblzma_dll\liblzma.pdb source: MacAttack.exe, 00000002.00000002.2313085583.00007FFDA36B8000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_queue.pdb source: MacAttack.exe, 00000002.00000002.2314096635.00007FFDA3AF3000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MacAttack.exe, 00000000.00000003.2121556943.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_ctypes.pdb source: MacAttack.exe, 00000002.00000002.2314345704.00007FFDA3C23000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 0_2_00007FF7923F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7923F83B0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 0_2_00007FF7923F92F0 FindFirstFileExW,FindClose,0_2_00007FF7923F92F0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 0_2_00007FF7924118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7924118E4
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FF7923F92F0 FindFirstFileExW,FindClose,2_2_00007FF7923F92F0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FF7923F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7923F83B0
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FF7924118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7924118E4
Source: MacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: MacAttack.exe, 00000002.00000002.2303202411.00007FFD93763000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://.css
Source: MacAttack.exe, 00000002.00000002.2303202411.00007FFD93763000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://.jpg
Source: MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredID
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: MacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276703531.0000024A3F15C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278521885.0000024A3F166000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: MacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277704010.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5D6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284924581.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279728908.0000024A40068000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297075781.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278847248.0000024A40062000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279206287.0000024A40066000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276306815.0000024A3F5D5000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280651455.0000024A3F5D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276330560.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2287741178.0000024A3D260000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283318267.0000024A3F706000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277030848.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278754569.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283138644.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: MacAttack.exe, 00000002.00000003.2279233886.0000024A3F945000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298153299.0000024A3F948000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284807122.0000024A3F948000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279051343.0000024A3F155000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: MacAttack.exe, 00000002.00000003.2279233886.0000024A3F945000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298153299.0000024A3F948000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284807122.0000024A3F948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl?J
Source: MacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277704010.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279728908.0000024A40068000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278847248.0000024A40062000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279206287.0000024A40066000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5D6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284924581.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297075781.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276306815.0000024A3F5D5000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280651455.0000024A3F5D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: MacAttack.exe, 00000002.00000003.2282922495.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284667848.0000024A3F939000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284996030.0000024A3F93A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: MacAttack.exe, 00000002.00000003.2275575769.0000024A3F71A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280152305.0000024A3F71E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F717000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: MacAttack.exe, 00000002.00000003.2284996030.0000024A3F93A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: MacAttack.exe, 00000002.00000003.2275575769.0000024A3F71A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218108423.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273691065.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275466814.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277453677.0000024A3F833000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280152305.0000024A3F71E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276187683.0000024A3F831000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F717000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: MacAttack.exe, 00000002.00000003.2282922495.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284667848.0000024A3F939000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284996030.0000024A3F93A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276330560.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283318267.0000024A3F706000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277030848.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278754569.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283138644.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: MacAttack.exe, 00000000.00000003.2142415181.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: MacAttack.exe, 00000002.00000003.2218108423.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273691065.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275466814.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297909609.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280900904.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280260780.0000024A3F828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://evilvir.us.streamtv.to:8080/c/
Source: MacAttack.exe, 00000002.00000002.2296577870.0000024A3F230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
Source: MacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: MacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280303557.0000024A3F16A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279398956.0000024A3F167000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276703531.0000024A3F15C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278521885.0000024A3F166000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: MacAttack.exe, 00000002.00000003.2275575769.0000024A3F71A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275131375.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280152305.0000024A3F71E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280863027.0000024A3F724000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297717716.0000024A3F724000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F717000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: MacAttack.exe, 00000002.00000002.2303202411.00007FFD93763000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://html4/loose.dtd
Source: MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/ip
Source: MacAttack.exe, 00000002.00000003.2190877789.0000024A3F5E8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: MacAttack.exe, 00000002.00000003.2278590136.0000024A40033000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277755022.0000024A40033000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: MacAttack.exe, 00000002.00000003.2278936471.0000024A40044000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40041000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2108532709.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: MacAttack.exe; String found in binary or memory: http://ocsp.digicert.com0N
Source: MacAttack.exe; String found in binary or memory: http://ocsp.digicert.com0O
Source: MacAttack.exe; String found in binary or memory: http://ocsp.digicert.com0X
Source: MacAttack.exe; String found in binary or memory: http://repository.swisssign.com/
Source: MacAttack.exe; String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlPEJ1
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es/legislacion_c.htm??_i
Source: MacAttack.exe; String found in binary or memory: http://www.accv.es00
Source: MacAttack.exe; String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: MacAttack.exe; String found in binary or memory: http://www.digicert.com/CPS0
Source: MacAttack.exe; String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: MacAttack.exe; String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: MacAttack.exe; String found in binary or memory: http://www.quovadisglobal.com/cps
Source: MacAttack.exe; String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: MacAttack.exe; String found in binary or memory: http://www.zlib.net/D
Source: MacAttack.exe; String found in binary or memory: http://wwwsearch.sf.net/):
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: MacAttack.exe; String found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: MacAttack.exe; String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: MacAttack.exe; String found in binary or memory: https://free-proxy-list.net/
Source: MacAttack.exe; String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: MacAttack.exe; String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: MacAttack.exe; String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: MacAttack.exe; String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: MacAttack.exe; String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: MacAttack.exe; String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: MacAttack.exe; String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: MacAttack.exe; String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: MacAttack.exe; String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: MacAttack.exe; String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: MacAttack.exe; String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: MacAttack.exe; String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: MacAttack.exe; String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: MacAttack.exe; String found in binary or memory: https://github.com/urllib3/urllib3/issues/29200
Source: MacAttack.exe; String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: MacAttack.exe; String found in binary or memory: https://google.com/
Source: MacAttack.exe; String found in binary or memory: https://google.com/mail
Source: MacAttack.exe; String found in binary or memory: https://google.com/mail/
Source: MacAttack.exe; String found in binary or memory: https://html.spec.whatwg.org/mul
Source: MacAttack.exe; String found in binary or memory: https://httpbin.org/
Source: MacAttack.exe; String found in binary or memory: https://httpbin.org/get
Source: MacAttack.exe; String found in binary or memory: https://httpbin.org/post
Source: MacAttack.exe; String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: MacAttack.exe; String found in binary or memory: https://json.org
Source: MacAttack.exe; String found in binary or memory: https://mahler:8092/site-updates.py
Source: MacAttack.exe; String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: MacAttack.exe; String found in binary or memory: https://peps.python.org/pep-0205/
Source: MacAttack.exe; String found in binary or memory: https://peps.python.org/pep-0263/
Source: MacAttack.exe; String found in binary or memory: https://requests.readthedocs.io
Source: MacAttack.exe; String found in binary or memory: https://requests.readthedocs.ioexe
Source: MacAttack.exe; String found in binary or memory: https://spys.me/proxy.txt
Source: MacAttack.exe; String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: MacAttack.exe; String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: MacAttack.exe; String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: MacAttack.exe; String found in binary or memory: https://tukaani.org/
Source: MacAttack.exe; String found in binary or memory: https://tukaani.org/xz/
Source: MacAttack.exe; String found in binary or memory: https://twitter.com/
Source: MacAttack.exe; String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: MacAttack.exe; String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0
Source: MacAttack.exe; String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: MacAttack.exe, 00000002.00000002.2298446084.0000024A3FBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp
Source: MacAttack.exe, 00000002.00000003.2217350101.0000024A400DA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273500312.0000024A40154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/PythonDecoratorLibrary.
Source: MacAttack.exe, 00000002.00000003.2273608729.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217350101.0000024A400DA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217763395.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273500312.0000024A40154000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280319211.0000024A3F8CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.videolan.org/LibVLC.
Source: MacAttack.exe, 00000000.00000003.2119969026.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2145090250.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2117111156.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 
00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.freeproxy.world/?type=http&anonymity=&country=&speed=&port=&page=1
Source: MacAttack.exe, 00000002.00000003.2273608729.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217350101.0000024A400DA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217763395.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273500312.0000024A40154000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280319211.0000024A3F8CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.olivieraubert.net/vlc/python-ctypes/.
Source: MacAttack.exe, 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp, MacAttack.exe, 00000002.00000002.2301530104.00007FFD93132000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.openssl.org/H
Source: MacAttack.exe, 00000002.00000003.2274645914.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276152659.0000024A3F662000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275726455.0000024A3F649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: MacAttack.exe, 00000002.00000003.2281379242.0000024A3F893000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276822596.0000024A3F88D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218108423.0000024A3F800000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F877000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280698286.0000024A3F88D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275019954.0000024A3F88C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: MacAttack.exe, 00000002.00000002.2311272908.00007FFD9471E000.00000004.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: MacAttack.exe, 00000002.00000002.2310296347.00007FFD94596000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: MacAttack.exe, 00000002.00000003.2280406497.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274645914.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277312887.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275726455.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278136588.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2281049346.0000024A3F65E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.sslproxies.org/
Source: MacAttack.exe, 00000002.00000003.2283427227.0000024A4004C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278936471.0000024A40044000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2299129191.0000024A4004D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40041000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: MacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5D6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284924581.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297075781.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276306815.0000024A3F5D5000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280651455.0000024A3F5D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: MacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280206096.0000024A3F15A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275706659.0000024A3F6B2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280081227.0000024A3F6B6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279051343.0000024A3F155000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274530516.0000024A3F6AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: libexpat.dll.0.dr Static PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-kernel32-legacy-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: MacAttack.exe, 00000000.00000003.2111569494.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5DBus.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2144964942.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2129274296.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2118611324.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5WebSockets.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtga.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2109305718.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvg.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2142946213.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqminimal.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwbmp.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2141286959.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpeg.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqicns.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2116285835.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5QmlModels.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2319405067.0000021ADFD23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibzstd.dll4 vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2115018517.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Qml.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqico.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2114320996.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Network.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2112631975.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Gui.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2110157512.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Core.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2144453778.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindows.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2121556943.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2121933009.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2143980772.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebgl.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibEGL.dll. vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2139450413.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2140721818.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqgif.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2109531213.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140_1.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2143591665.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqoffscreen.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2142415181.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebp.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2141928297.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtiff.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2118382716.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Svg.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2108745849.0000021ADFD13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000000.00000003.2139760546.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvgicon.dll( vs MacAttack.exe
Source: MacAttack.exeBinary or memory string: OriginalFilename vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314389819.00007FFDA3C2E000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314141740.00007FFDA3AF6000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: OriginalFilenamelibsslH vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2304150579.00007FFD9393F000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314629480.00007FFDA3FD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2313157264.00007FFDA36BE000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenameliblzma.dllf# vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2312422969.00007FFD948A2000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2302875751.00007FFD9370E000.00000002.00000001.01000000.00000020.sdmpBinary or memory string: OriginalFilenamelibzstd.dll4 vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314752882.00007FFDA4173000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315627486.00007FFDA5B88000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2301530104.00007FFD93132000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315505573.00007FFDA549A000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2292000388.0000024A3EB80000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2313644757.00007FFDA3818000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315042173.00007FFDA4639000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314029207.00007FFDA3AE7000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315387066.00007FFDA4DA6000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamemsvcp140_1.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2307501848.00007FFD93EA0000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenameQt5Core.dll( vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2312752447.00007FFDA365A000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2302528027.00007FFD93664000.00000002.00000001.01000000.00000021.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315262916.00007FFDA4707000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2315169014.00007FFDA46EA000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs MacAttack.exe
Source: MacAttack.exe, 00000002.00000002.2314510062.00007FFDA3EBD000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs MacAttack.exe
Source: Qt5Core.dll.0.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal52.winEXE@3/202@0/0
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482
Source: MacAttack.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\MacAttack.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MacAttack.exeVirustotal: Detection: 9%
Source: C:\Users\user\Desktop\MacAttack.exeFile read: C:\Users\user\Desktop\MacAttack.exe
Source: unknownProcess created: C:\Users\user\Desktop\MacAttack.exe "C:\Users\user\Desktop\MacAttack.exe"
Source: C:\Users\user\Desktop\MacAttack.exeProcess created: C:\Users\user\Desktop\MacAttack.exe "C:\Users\user\Desktop\MacAttack.exe"
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: zlib.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: ffi.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: libbz2.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: liblzma.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: qt5core.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: msvcp140_1.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: pdh.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: libcrypto-3-x64.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: libssl-3-x64.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: zstd.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\MacAttack.exeSection loaded: wintypes.dll
Source: MacAttack.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: MacAttack.exeStatic file information: File size 47685860 > 1048576
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: MacAttack.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: MacAttack.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: MacAttack.exe, 00000000.00000003.2141928297.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: MacAttack.exe, 00000000.00000003.2144834798.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: MacAttack.exe, 00000000.00000003.2141566617.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconusers\qsvgicon.pdb source: MacAttack.exe, 00000000.00000003.2139760546.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_bz2.pdb source: MacAttack.exe, 00000002.00000002.2315579663.00007FFDA5B84000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: MacAttack.exe, 00000000.00000003.2109531213.0000021ADFD14000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2315342051.00007FFDA4DA3000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: MacAttack.exe, 00000000.00000003.2139450413.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libssl-3-x64.pdbCC source: MacAttack.exe, 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: ucrtbase.pdb source: MacAttack.exe, 00000002.00000002.2313439949.00007FFDA37C8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: MacAttack.exe, 00000002.00000002.2306928706.00007FFD93DC6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: MacAttack.exe, 00000002.00000002.2303723346.00007FFD93905000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: MacAttack.exe, 00000000.00000003.2141095486.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: MacAttack.exe, 00000000.00000003.2141928297.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: MacAttack.exe, 00000000.00000003.2140721818.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libssl-3-x64.pdb source: MacAttack.exe, 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_wmi.pdb source: MacAttack.exe, 00000002.00000002.2313982966.00007FFDA3AE4000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: ucrtbase.pdbOGPS source: MacAttack.exe, 00000002.00000002.2313439949.00007FFDA37C8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\libcrypto-3-x64.pdb source: MacAttack.exe, 00000002.00000002.2301045819.00007FFD93086000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: compiler: cl.exe /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: MacAttack.exe, 00000002.00000002.2301045819.00007FFD93000000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: MacAttack.exe, 00000000.00000003.2141712582.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\select.pdb source: MacAttack.exe, 00000002.00000002.2314582293.00007FFDA3FD3000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MacAttack.exe, 00000002.00000002.2315121381.00007FFDA46E4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: MacAttack.exe, 00000002.00000002.2315121381.00007FFDA46E4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: MacAttack.exe, 00000000.00000003.2121933009.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2314988948.00007FFDA4635000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: MacAttack.exe, 00000000.00000003.2140932837.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_hashlib.pdb source: MacAttack.exe, 00000002.00000002.2314462900.00007FFDA3EB6000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\b\abs_408t8wz0h8\croot\xz_1714514706366\work\windows\vs2017\Release\x64\liblzma_dll\liblzma.pdbcc source: MacAttack.exe, 00000002.00000002.2313085583.00007FFDA36B8000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_wmi.pdb&&%GCTL source: MacAttack.exe, 00000002.00000002.2313982966.00007FFDA3AE4000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\python312.pdb source: MacAttack.exe, 00000002.00000002.2310296347.00007FFD94684000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_ssl.pdb source: MacAttack.exe, 00000002.00000002.2312568840.00007FFDA363E000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\unicodedata.pdb source: MacAttack.exe, 00000002.00000002.2301915484.00007FFD93660000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_lzma.pdb source: MacAttack.exe, 00000002.00000002.2315459720.00007FFDA5495000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: MacAttack.exe, 00000002.00000002.2306928706.00007FFD93DC6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_socket.pdb source: MacAttack.exe, 00000002.00000002.2314698500.00007FFDA4169000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\python3.pdb source: MacAttack.exe, 00000002.00000002.2292000388.0000024A3EB80000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\b\abs_408t8wz0h8\croot\xz_1714514706366\work\windows\vs2017\Release\x64\liblzma_dll\liblzma.pdb source: MacAttack.exe, 00000002.00000002.2313085583.00007FFDA36B8000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_queue.pdb source: MacAttack.exe, 00000002.00000002.2314096635.00007FFDA3AF3000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: MacAttack.exe, 00000000.00000003.2142208154.0000021ADFD17000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: MacAttack.exe, 00000000.00000003.2128706636.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: MacAttack.exe, 00000000.00000003.2121556943.0000021ADFD16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\abs_b3ei0ixd12\croot\python-split_1728047657975\work\PCbuild\amd64\_ctypes.pdb source: MacAttack.exe, 00000002.00000002.2314345704.00007FFDA3C23000.00000002.00000001.01000000.00000009.sdmp
Source: MacAttack.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: MacAttack.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: MacAttack.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: MacAttack.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: MacAttack.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xC14C413B [Thu Oct 6 17:22:03 2072 UTC]
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: VCRUNTIME140.dll0.0.drStatic PE information: section name: _RDATA
Source: opengl32sw.dll.0.drStatic PE information: section name: _RDATA
Source: MSVCP140.dll0.0.drStatic PE information: section name: .didat
Source: Qt5Core.dll.0.drStatic PE information: section name: .qtmimed
Source: qtuiotouchplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qsvgicon.dll.0.drStatic PE information: section name: .qtmetad
Source: qgif.dll.0.drStatic PE information: section name: .qtmetad
Source: qicns.dll.0.drStatic PE information: section name: .qtmetad
Source: qico.dll.0.drStatic PE information: section name: .qtmetad
Source: qjpeg.dll.0.drStatic PE information: section name: .qtmetad
Source: qsvg.dll.0.drStatic PE information: section name: .qtmetad
Source: qtga.dll.0.drStatic PE information: section name: .qtmetad
Source: qtiff.dll.0.drStatic PE information: section name: .qtmetad
Source: qwbmp.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebp.dll.0.drStatic PE information: section name: .qtmetad
Source: qminimal.dll.0.drStatic PE information: section name: .qtmetad
Source: qoffscreen.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebgl.dll.0.drStatic PE information: section name: .qtmetad
Source: qwindows.dll.0.drStatic PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.drStatic PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.drStatic PE information: section name: .qtmetad
Source: libcrypto-3-x64.dll.0.drStatic PE information: section name: .00cfg
Source: libexpat.dll.0.drStatic PE information: section name: _RDATA
Source: libssl-3-x64.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: ucrtbase.dll.0.drStatic PE information: section name: fothk
Source: ucrtbase.dll.0.drStatic PE information: section name: .fptable
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD9385D7A2 push rdi; ret 2_2_00007FFD93898B2A
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD937E1EAC push rax; ret 2_2_00007FFD937E1EAD
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 2_2_00007FFD93804411 push rcx; ret 2_2_00007FFD93804412

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\MacAttack.exeProcess created: "C:\Users\user\Desktop\MacAttack.exe"
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\pyexpat.pyd
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\python3.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Qml.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qgif.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-fibers-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-sysinfo-l1-2-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtiff.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\ucrtbase.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qoffscreen.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qicns.dll
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\libexpat.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\MSVCP140.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-kernel32-legacy-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\MSVCP140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\zstd.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard\backend_c.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\zlib.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\libssl-3-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-fibers-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\sip.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\liblzma.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\libcrypto-3-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\iconusers\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Core.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\ffi.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5DBus.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\LIBBZ2.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard\_cffi.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\MSVCP140.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\_brotli.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5WebSockets.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Network.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeCode function: 0_2_00007FF7923F5820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7923F5820
Source: C:\Users\user\Desktop\MacAttack.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-sysinfo-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\libexpat.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-kernel32-legacy-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard\backend_c.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-fibers-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\sip.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\iconusers\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5DBus.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard\_cffi.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libGLESv2.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Widgets.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtga.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtWidgets.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwindows.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qico.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libEGL.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_wmi.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_hashlib.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Svg.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_ssl.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\_brotli.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\python312.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5WebSockets.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Network.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\select.pyd
Source: C:\Users\user\Desktop\MacAttack.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\MacAttack.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-17382
Source: C:\Users\user\Desktop\MacAttack.exe | API coverage: 1.2 %
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7923F83B0
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923F92F0 FindFirstFileExW,FindClose,0_2_00007FF7923F92F0
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7924118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7924118E4
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7923F92F0 FindFirstFileExW,FindClose,2_2_00007FF7923F92F0
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7923F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7923F83B0
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7924118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7924118E4
Source: MacAttack.exe, 00000002.00000002.2295011636.0000024A3EDAF000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276480142.0000024A3EDAE000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275919426.0000024A3ED6F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276229810.0000024A3ED72000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276456591.0000024A3ED9C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274763354.0000024A3ED57000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923FD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7923FD19C
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7924134F0 GetProcessHeap,0_2_00007FF7924134F0
Source: C:\Users\user\Desktop\MacAttack.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923FD37C SetUnhandledExceptionFilter,0_2_00007FF7923FD37C
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923FD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7923FD19C
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923FC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7923FC910
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF79240A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79240A684
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7923FD37C SetUnhandledExceptionFilter,2_2_00007FF7923FD37C
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7923FD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7923FD19C
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF7923FC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7923FC910
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FF79240A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF79240A684
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FFD93553F80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93553F80
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FFD93554548 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD93554548
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FFD936FAFB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD936FAFB4
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FFD93761804 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93761804
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 2_2_00007FFD937E211C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD937E211C
Source: C:\Users\user\Desktop\MacAttack.exe | Process created: C:\Users\user\Desktop\MacAttack.exe "C:\Users\user\Desktop\MacAttack.exe"
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7924195E0 cpuid 0_2_00007FF7924195E0
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\certifi VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\cryptography-43.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\cryptography-43.0.0.dist-info\license_files VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\include VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\Desktop\MacAttack.exe VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482 VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtCore.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\sip.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\psutil VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\psutil\_psutil_windows.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_brotli.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\zstandard\backend_c.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58482\certifi VolumeInformation
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF7923FD080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7923FD080
Source: C:\Users\user\Desktop\MacAttack.exe | Code function: 0_2_00007FF792415C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF792415C70
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| MacAttack.exe | 0% | ReversingLabs | | |
| MacAttack.exe | 10% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI58482\LIBBZ2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\MSVCP140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\MSVCP140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\MSVCP140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5DBus.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Gui.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Network.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Qml.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5QmlModels.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Quick.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Svg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5WebSockets.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\Qt5Widgets.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\d3dcompiler_47.dll | 3% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\bin\opengl32sw.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qgif.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qicns.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qico.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qjpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qsvg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtga.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qtiff.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwbmp.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\imageformats\qwebp.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qminimal.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qoffscreen.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwebgl.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platforms\qwindows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtCore.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtGui.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\QtWidgets.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\PyQt5\sip.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_brotli.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_multiprocessing.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\_wmi.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI58482\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.freeproxy.world/?type=http&anonymity=&country=&speed=&port=&page=1 | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0 | 0% | Avira URL Cloud | safe | |
| https://spys.me/proxy.txt | 0% | Avira URL Cloud | safe | |
| https://free-proxy-list.net/ | 0% | Avira URL Cloud | safe | |
| https://wiki.videolan.org/LibVLC. | 0% | Avira URL Cloud | safe | |
| https://requests.readthedocs.ioexe | 0% | Avira URL Cloud | safe | |
| http://httpbin.org/ip | 0% | Avira URL Cloud | safe | |
| https://spys.me/proxy.txt | 0% | Virustotal | | Browse |
| https://www.freeproxy.world/?type=http&anonymity=&country=&speed=&port=&page=1 | 1% | Virustotal | | Browse |
| https://wiki.videolan.org/LibVLC. | 0% | Virustotal | | Browse |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0 | 0% | Virustotal | | Browse |
| http://evilvir.us.streamtv.to:8080/c/ | 0% | Avira URL Cloud | safe | |
| http://www.zlib.net/D | 0% | Avira URL Cloud | safe | |
| https://www.olivieraubert.net/vlc/python-ctypes/. | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp | 0% | Avira URL Cloud | safe | |
| https://tukaani.org/ | 0% | Avira URL Cloud | safe | |
| https://www.sslproxies.org/ | 0% | Avira URL Cloud | safe | |

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/urllib3/urllib3/issues/29200 | MacAttack.exe, 00000002.00000002.2298565972.0000024A3FD00000.00000004.00001000.00020000.00000000.sdmp | false
high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0 | MacAttack.exe, 00000002.00000002.2298446084.0000024A3FBB0000.00000004.00001000.00020000.00000000.sdmp | false
• 0%, Virustotal, Browse
• Avira URL Cloud: safe
unknown
https://github.com/giampaolo/psutil/issues/875. | MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmp | false
high
https://spys.me/proxy.txt | MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmp | false
• 0%, Virustotal, Browse
• Avira URL Cloud: safe
unknown
https://wiki.videolan.org/LibVLC. | MacAttack.exe, 00000002.00000003.2273608729.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217350101.0000024A400DA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217763395.0000024A3F8C2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273500312.0000024A40154000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280319211.0000024A3F8CB000.00000004.00000020.00020000.00000000.sdmp | false
• 0%, Virustotal, Browse
• Avira URL Cloud: safe
unknown
http://crl.dhimyotis.com/certignarootca.crl0 | MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5D6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284924581.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297075781.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276306815.0000024A3F5D5000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280651455.0000024A3F5D7000.00000004.00000020.00020000.00000000.sdmp | false
high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | MacAttack.exe, 00000002.00000002.2294552653.0000024A3ECF0000.00000004.00000020.00020000.00000000.sdmp | false
high
https://www.freeproxy.world/?type=http&anonymity=&country=&speed=&port=&page=1 | MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmp | false
• 1%, Virustotal, Browse
• Avira URL Cloud: safe
unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlPEJ1 | MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278735035.0000024A3F94A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp | false
high
http://goo.gl/zeJZl. | MacAttack.exe, 00000002.00000002.2296577870.0000024A3F230000.00000004.00001000.00020000.00000000.sdmp | false
high
https://tools.ietf.org/html/rfc2388#section-4.4 | MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274645914.0000024A3F5F0000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284018977.0000024A3F61A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275726455.0000024A3F5F1000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297199625.0000024A3F61A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F605000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277312887.0000024A3F5F1000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277561483.0000024A3F617000.00000004.00000020.00020000.00000000.sdmp | false
high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | MacAttack.exe, 00000002.00000003.2284297904.0000024A3ED22000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2191150896.0000024A3F606000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2190877789.0000024A3F651000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2191334568.0000024A3F642000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280277396.0000024A3ED07000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2191432456.0000024A3F656000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2190877789.0000024A3F63F000.00000004.00000020.00020000.00000000.sdmp | false
                  high
                  https://tukaani.org/xz/MacAttack.exe, 00000002.00000002.2313157264.00007FFDA36BE000.00000002.00000001.01000000.0000000E.sdmpfalse
                    high
                    http://www.accv.es/legislacion_c.htm??_iMacAttack.exe, 00000002.00000003.2279004249.0000024A3F958000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278735035.0000024A3F94A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298204901.0000024A3F95E000.00000004.00000020.00020000.00000000.sdmpfalse
                      high
                      https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963MacAttack.exe, 00000002.00000002.2298336150.0000024A3FA90000.00000004.00001000.00020000.00000000.sdmpfalse
                        high
                        https://peps.python.org/pep-0205/MacAttack.exe, 00000002.00000002.2296678527.0000024A3F340000.00000004.00001000.00020000.00000000.sdmpfalse
                          high
                          http://crl.dhimyotis.com/certignarootca.crlMacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277704010.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279728908.0000024A40068000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A40061000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278847248.0000024A40062000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279206287.0000024A40066000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://curl.haxx.se/rfc/cookie_spec.htmlMacAttack.exe, 00000002.00000003.2218108423.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273691065.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275466814.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297909609.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280900904.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280260780.0000024A3F828000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              http://ocsp.accv.esMacAttack.exe, 00000002.00000003.2278590136.0000024A40033000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277755022.0000024A40033000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameMacAttack.exe, 00000002.00000002.2294156003.0000024A3EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                  high
                                  https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyMacAttack.exe, 00000002.00000002.2298446084.0000024A3FBB0000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F5F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688MacAttack.exe, 00000002.00000002.2294156003.0000024A3EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://httpbin.org/getMacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276480142.0000024A3EDAE000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275019954.0000024A3F88C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279992393.0000024A3F89D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297909609.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275919426.0000024A3ED6F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280900904.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280260780.0000024A3F828000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276229810.0000024A3ED72000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276456591.0000024A3ED9C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F8F9000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274763354.0000024A3ED57000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://free-proxy-list.net/MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codeMacAttack.exe, 00000002.00000002.2294156003.0000024A3EC6C000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://wwww.certigna.fr/autorites/0mMacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5D6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2284924581.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297075781.0000024A3F5D8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276306815.0000024A3F5D5000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280651455.0000024A3F5D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerMacAttack.exe, 00000002.00000002.2294552653.0000024A3ECF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://github.com/python/cpython/issues/86361.MacAttack.exe, 00000002.00000003.2274905688.0000024A3EDC4000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280240076.0000024A3EDC9000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2187934577.0000024A3F1BB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274458897.0000024A3EDBB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276613164.0000024A3EDC6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2295126320.0000024A3EDCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://mail.python.org/pipermail/python-dev/2012-June/120787.html.MacAttack.exe, 00000002.00000003.2190877789.0000024A3F5E8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  https://httpbin.org/MacAttack.exe, 00000002.00000003.2280260780.0000024A3F828000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://httpbin.org/ipMacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://wwww.certigna.fr/autorites/MacAttack.exe, 00000002.00000003.2283427227.0000024A4004C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278936471.0000024A40044000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2299129191.0000024A4004D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40041000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleMacAttack.exe, 00000002.00000002.2295221619.0000024A3EF30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesMacAttack.exe, 00000002.00000002.2295221619.0000024A3EF30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535MacAttack.exe, 00000002.00000003.2275575769.0000024A3F71A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275131375.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280152305.0000024A3F71E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280863027.0000024A3F724000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F752000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297717716.0000024A3F724000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F717000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syMacAttack.exe, 00000002.00000003.2184507571.0000024A3ED25000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2294552653.0000024A3ECF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.python.org/psf/license/MacAttack.exe, 00000002.00000002.2311272908.00007FFD9471E000.00000004.00000001.01000000.00000005.sdmpfalse
                                                                high
                                                                https://docs.python.org/3/library/multiprocessing.htmlMacAttack.exe, 00000002.00000003.2190877789.0000024A3F5E8000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2192770946.0000024A3F1B1000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2296418125.0000024A3F1DB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F1B1000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F1B1000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274861716.0000024A3F1DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://wiki.python.org/moin/PythonDecoratorLibrary.MacAttack.exe, 00000002.00000003.2217350101.0000024A400DA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298677175.0000024A3FE00000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273500312.0000024A40154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://requests.readthedocs.ioexeMacAttack.exe, 00000002.00000002.2298809772.0000024A3FF10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://crl.securetrust.com/STCA.crlMacAttack.exe, 00000002.00000003.2284996030.0000024A3F93A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://wwwsearch.sf.net/):MacAttack.exe, 00000002.00000003.2218108423.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275131375.0000024A3F7BA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273691065.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2282591398.0000024A3F7BA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275466814.0000024A3F81F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274013818.0000024A3F7BA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297746532.0000024A3F7BB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2297909609.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279557560.0000024A3F7BA000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280900904.0000024A3F82C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280260780.0000024A3F828000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F7BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/python/importlib_metadata/wiki/Development-MethodologyMacAttack.exe, 00000002.00000002.2298565972.0000024A3FD00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://evilvir.us.streamtv.to:8080/c/MacAttack.exe, 00000002.00000002.2296784043.0000024A3F460000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0MacAttack.exe, 00000002.00000003.2278936471.0000024A40044000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40033000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277755022.0000024A40033000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40041000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.accv.es/legislacion_c.htmMacAttack.exe, 00000002.00000003.2279004249.0000024A3F958000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273551068.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276878562.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278735035.0000024A3F94A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F91E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298204901.0000024A3F95E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tools.ietf.org/html/rfc6125#section-6.4.3MacAttack.exe, 00000002.00000002.2298565972.0000024A3FD00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.zlib.net/DMacAttack.exe, 00000002.00000002.2315262916.00007FFDA4707000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://crl.xrampsecurity.com/XGCA.crl0MacAttack.exe, 00000002.00000003.2217903294.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276330560.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283318267.0000024A3F706000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277030848.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278754569.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2283138644.0000024A3F6ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.cert.fnmt.es/dpcs/MacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279728908.0000024A40054000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279027810.0000024A4004F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278936471.0000024A40044000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280303557.0000024A3F16A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279398956.0000024A3F167000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278590136.0000024A40041000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276703531.0000024A3F15C000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2278521885.0000024A3F166000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://google.com/mailMacAttack.exe, 00000002.00000003.2273871799.0000024A3F14E000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218157245.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280206096.0000024A3F15A000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217903294.0000024A3F649000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275706659.0000024A3F6B2000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280081227.0000024A3F6B6000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279051343.0000024A3F155000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2273766970.0000024A3F146000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274530516.0000024A3F6AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://packaging.python.org/specifications/entry-points/MacAttack.exe, 00000002.00000002.2298446084.0000024A3FBB0000.00000004.00001000.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000002.2298336150.0000024A3FA90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.accv.es00MacAttack.exe, 00000002.00000003.2277093750.0000024A4003A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.python.org/psf/license/)MacAttack.exe, 00000002.00000002.2310296347.00007FFD94596000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                            high
                                                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyMacAttack.exe, 00000002.00000002.2294552653.0000024A3ECF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://foss.heptapod.net/pypy/pypy/-/issues/3539MacAttack.exe, 00000002.00000002.2298336150.0000024A3FA90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.MacAttack.exe, 00000002.00000003.2218108423.0000024A3F800000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274232002.0000024A3F5CB000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277674646.0000024A3F5CD000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280169654.0000024A3F5D0000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280101063.0000024A3F5CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://google.com/MacAttack.exe, 00000002.00000003.2278040855.0000024A3F122000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2274387291.0000024A3F099000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275619151.0000024A3F113000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2279946026.0000024A3F139000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276519389.0000024A3F11F000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2277491952.0000024A3F120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://html4/loose.dtdMacAttack.exe, 00000002.00000002.2303202411.00007FFD93763000.00000002.00000001.01000000.0000001D.sdmpfalse
                                                                                                      high
                                                                                                      https://mahler:8092/site-updates.pyMacAttack.exe, 00000002.00000003.2281379242.0000024A3F893000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2276822596.0000024A3F88D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2218108423.0000024A3F800000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2217474759.0000024A3F877000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2280698286.0000024A3F88D000.00000004.00000020.00020000.00000000.sdmp, MacAttack.exe, 00000002.00000003.2275019954.0000024A3F88C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1575559
Start date and time:2024-12-16 02:08:40 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 38s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:MacAttack.exe
Detection:MAL
Classification:mal52.winEXE@3/202@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 56%
                                                                                                                                                                                • Number of executed functions: 71
                                                                                                                                                                                • Number of non-executed functions: 271
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                No simulations
                                                                                                                                                                                No context
Match: C:\Users\user\AppData\Local\Temp\_MEI58482\MSVCP140.dll
Associated Sample Name / URL, Detection, Threat Name:
• Sample: flashcenter_pp_ax_inst78ll_cn.exe, Detection: malicious, Threat Name: Unknown
• Sample: iDvmIRCPBw.exe, Detection: malicious, Threat Name: Unknown
• Sample: ZdXUGLQpoL.exe, Detection: malicious, Threat Name: Unknown
• Sample: jaPB8q3WL1.exe, Detection: malicious, Threat Name: Unknown
• Sample: yx7VCK1nxU.exe, Detection: malicious, Threat Name: Unknown
• Sample: https://cdn-fastly.obsproject.com/downloads/OBS-Studio-30.2.3-Windows-Installer.exe, Detection: malicious, Threat Name: Unknown
• Sample: https://github.com/GPSBabel/gpsbabel/releases/download/Continuous-Windows/GPSBabel-20240815T1150Z-e9b2084-Setup.exe, Detection: malicious, Threat Name: Unknown
• Sample: https://cdn-fastly.obsproject.com/downloads/OBS-Studio-30.2.0-Windows-Installer.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):83216
                                                                                                                                                                                                Entropy (8bit):6.636016990564903
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:yRKNFQY+sYRQ3qsVLZJAJuCBdhUoHKJpKtRYt0TOV9sXYl0PANcHy1kZwrW29KJs:TYotZJAJuCBdqoHKJpKtRYt0TOV9sXYr
                                                                                                                                                                                                MD5:71E7C0F84D0A3D8EE0FFBDB60A36E504
                                                                                                                                                                                                SHA1:F0EB047A187530B7DEB7BC6190DDC4F4F6B4E14C
                                                                                                                                                                                                SHA-256:25A4AAE35DD89709620106DB311AF5BCA7C868182B961E106A895AE14D2FC98A
                                                                                                                                                                                                SHA-512:FC0A869E333C10D28E621558BCB67CF574C6387F6A14E23536940530F0BE544235E76841F352BD23F6274D0081C6AAC74D5824A56D17FE62BB7C6074F54A1473
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                Entropy (8bit):6.529434803175356
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:rSTTigI46Bb3SUPvRgrKtzL4oaQEKZm+jWodEEVPLwtQB:rUStZaQEKZm+jWodEE9CQB
                                                                                                                                                                                                MD5:72F3D84384E888BF0D38852EB863026B
                                                                                                                                                                                                SHA1:8E6A0257591EB913AE7D0E975C56306B3F680B3F
                                                                                                                                                                                                SHA-256:A4C2229BDC2A2A630ACDC095B4D86008E5C3E3BC7773174354F3DA4F5BEB9CDE
                                                                                                                                                                                                SHA-512:6D53634BC51BD383358E0D55988D70AEE6ED3897BC6AE5E0D2413BED27ECFF4C8092020682CD089859023B02D9A1858AC42E64D59C38BA90FBAF89B656C539A6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: flashcenter_pp_ax_inst78ll_cn.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: iDvmIRCPBw.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: ZdXUGLQpoL.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: jaPB8q3WL1.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: yx7VCK1nxU.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):590112
                                                                                                                                                                                                Entropy (8bit):6.461874649448891
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                                                                                                                                                                                                MD5:01B946A2EDC5CC166DE018DBB754B69C
                                                                                                                                                                                                SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                                                                                                                                                                                                SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                                                                                                                                                                                                SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):31728
                                                                                                                                                                                                Entropy (8bit):6.499754548353504
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                                                                                                                                                                                                MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                                                                                                                                                                                                SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                                                                                                                                                                                                SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                                                                                                                                                                                                SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6023664
                                                                                                                                                                                                Entropy (8bit):6.768988071491288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                                                                                                                                                                                                MD5:817520432A42EFA345B2D97F5C24510E
                                                                                                                                                                                                SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                                                                                                                                                                                                SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                                                                                                                                                                                                SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):436720
                                                                                                                                                                                                Entropy (8bit):6.392610185061176
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
                                                                                                                                                                                                MD5:0E8FF02D971B61B5D2DD1AC4DF01AE4A
                                                                                                                                                                                                SHA1:638F0B46730884FA036900649F69F3021557E2FE
                                                                                                                                                                                                SHA-256:1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
                                                                                                                                                                                                SHA-512:7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7008240
                                                                                                                                                                                                Entropy (8bit):6.674290383197779
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
                                                                                                                                                                                                MD5:47307A1E2E9987AB422F09771D590FF1
                                                                                                                                                                                                SHA1:0DFC3A947E56C749A75F921F4A850A3DCBF04248
                                                                                                                                                                                                SHA-256:5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
                                                                                                                                                                                                SHA-512:21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1340400
                                                                                                                                                                                                Entropy (8bit):6.41486755163134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
                                                                                                                                                                                                MD5:3569693D5BAE82854DE1D88F86C33184
                                                                                                                                                                                                SHA1:1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
                                                                                                                                                                                                SHA-256:4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
                                                                                                                                                                                                SHA-512:E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3591664
                                                                                                                                                                                                Entropy (8bit):6.333693598000157
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
                                                                                                                                                                                                MD5:D055566B5168D7B1D4E307C41CE47C4B
                                                                                                                                                                                                SHA1:043C0056E9951DA79EC94A66A784972532DC18EF
                                                                                                                                                                                                SHA-256:30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
                                                                                                                                                                                                SHA-512:4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):438768
                                                                                                                                                                                                Entropy (8bit):6.312090336793804
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
                                                                                                                                                                                                MD5:2030C4177B499E6118BE5B9E5761FCE1
                                                                                                                                                                                                SHA1:050D0E67C4AA890C80F46CF615431004F2F4F8FC
                                                                                                                                                                                                SHA-256:51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
                                                                                                                                                                                                SHA-512:488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4148720
                                                                                                                                                                                                Entropy (8bit):6.462183686222023
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
                                                                                                                                                                                                MD5:65F59CFC0C1C060CE20D3B9CEFFBAF46
                                                                                                                                                                                                SHA1:CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
                                                                                                                                                                                                SHA-256:C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
                                                                                                                                                                                                SHA-512:D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):330736
                                                                                                                                                                                                Entropy (8bit):6.381828869454302
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
                                                                                                                                                                                                MD5:03761F923E52A7269A6E3A7452F6BE93
                                                                                                                                                                                                SHA1:2CE53C424336BCC8047E10FA79CE9BCE14059C50
                                                                                                                                                                                                SHA-256:7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
                                                                                                                                                                                                SHA-512:DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):149488
                                                                                                                                                                                                Entropy (8bit):6.116105454277536
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
                                                                                                                                                                                                MD5:A016545F963548E0F37885E07EF945C7
                                                                                                                                                                                                SHA1:CBE499E53AB0BD2DA21018F4E2092E33560C846F
                                                                                                                                                                                                SHA-256:6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
                                                                                                                                                                                                SHA-512:47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5498352
                                                                                                                                                                                                Entropy (8bit):6.619117060971844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                                                                                                                                                                                                MD5:4CD1F8FDCD617932DB131C3688845EA8
                                                                                                                                                                                                SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                                                                                                                                                                                                SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                                                                                                                                                                                                SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):101872
                                                                                                                                                                                                Entropy (8bit):6.5661918084228725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                                                MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                                                SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                                                SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                                                SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):44528
                                                                                                                                                                                                Entropy (8bit):6.627837381503075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                                                                                                                                                                                                MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                                                                                                                                                                                                SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                                                                                                                                                                                                SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                                                                                                                                                                                                SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4173928
                                                                                                                                                                                                Entropy (8bit):6.329102290474506
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
                                                                                                                                                                                                MD5:B0AE3AA9DD1EBD60BDF51CB94834CD04
                                                                                                                                                                                                SHA1:EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
                                                                                                                                                                                                SHA-256:E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
                                                                                                                                                                                                SHA-512:756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25072
                                                                                                                                                                                                Entropy (8bit):5.961464514165753
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
                                                                                                                                                                                                MD5:BB00EF1DD81296AF10FDFA673B4D1397
                                                                                                                                                                                                SHA1:773FFCF4A231B963BAAC36CBEF68079C09B62837
                                                                                                                                                                                                SHA-256:32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
                                                                                                                                                                                                SHA-512:C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3385328
                                                                                                                                                                                                Entropy (8bit):6.382356347494905
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
                                                                                                                                                                                                MD5:2247EE4356666335DF7D72129AF8D600
                                                                                                                                                                                                SHA1:F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
                                                                                                                                                                                                SHA-256:50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
                                                                                                                                                                                                SHA-512:67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20923392
                                                                                                                                                                                                Entropy (8bit):6.255903817217008
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
                                                                                                                                                                                                MD5:7DBC97BFEE0C7AC89DA8D0C770C977B6
                                                                                                                                                                                                SHA1:A064C8D8967AAA4ADA29BD9FEFBE40405360412C
                                                                                                                                                                                                SHA-256:963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
                                                                                                                                                                                                SHA-512:286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68080
                                                                                                                                                                                                Entropy (8bit):6.207162014262433
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
                                                                                                                                                                                                MD5:750A31DE7840B5EED8BA14C1BD84D348
                                                                                                                                                                                                SHA1:D345D13B0C303B7094D1C438E49F0046791DE7F6
                                                                                                                                                                                                SHA-256:A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
                                                                                                                                                                                                SHA-512:5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41968
                                                                                                                                                                                                Entropy (8bit):6.0993566622860635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
                                                                                                                                                                                                MD5:313F89994F3FEA8F67A48EE13359F4BA
                                                                                                                                                                                                SHA1:8C7D4509A0CAA1164CC9415F44735B885A2F3270
                                                                                                                                                                                                SHA-256:42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
                                                                                                                                                                                                SHA-512:06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39408
                                                                                                                                                                                                Entropy (8bit):6.0316011626259405
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
                                                                                                                                                                                                MD5:52FD90E34FE8DED8E197B532BD622EF7
                                                                                                                                                                                                SHA1:834E280E00BAE48A9E509A7DC909BEA3169BDCE2
                                                                                                                                                                                                SHA-256:36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
                                                                                                                                                                                                SHA-512:EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45040
                                                                                                                                                                                                Entropy (8bit):6.016125225197622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
                                                                                                                                                                                                MD5:AD84AF4D585643FF94BFA6DE672B3284
                                                                                                                                                                                                SHA1:5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
                                                                                                                                                                                                SHA-256:F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
                                                                                                                                                                                                SHA-512:B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):38384
                                                                                                                                                                                                Entropy (8bit):5.957072398645384
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
                                                                                                                                                                                                MD5:A9ABD4329CA364D4F430EDDCB471BE59
                                                                                                                                                                                                SHA1:C00A629419509929507A05AEBB706562C837E337
                                                                                                                                                                                                SHA-256:1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
                                                                                                                                                                                                SHA-512:004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):421360
                                                                                                                                                                                                Entropy (8bit):5.7491063936821405
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
                                                                                                                                                                                                MD5:16ABCCEB70BA20E73858E8F1912C05CD
                                                                                                                                                                                                SHA1:4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
                                                                                                                                                                                                SHA-256:FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
                                                                                                                                                                                                SHA-512:3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32240
                                                                                                                                                                                                Entropy (8bit):5.978149408776758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                                                                                                                                                                                                MD5:C0DE135782FA0235A0EA8E97898EAF2A
                                                                                                                                                                                                SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                                                                                                                                                                                                SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                                                                                                                                                                                                SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):31728
                                                                                                                                                                                                Entropy (8bit):5.865766652452823
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                                                                                                                                                                                                MD5:A913276FA25D2E6FD999940454C23093
                                                                                                                                                                                                SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                                                                                                                                                                                                SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                                                                                                                                                                                                SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):390128
                                                                                                                                                                                                Entropy (8bit):5.724665470266677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                                                                                                                                                                                                MD5:9C0ACF12D3D25384868DCD81C787F382
                                                                                                                                                                                                SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                                                                                                                                                                                                SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                                                                                                                                                                                                SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30192
                                                                                                                                                                                                Entropy (8bit):5.938644231596902
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                                                                                                                                                                                                MD5:68919381E3C64E956D05863339F5C68C
                                                                                                                                                                                                SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                                                                                                                                                                                                SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                                                                                                                                                                                                SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):510448
                                                                                                                                                                                                Entropy (8bit):6.605517748735854
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                                                                                                                                                                                                MD5:308E4565C3C5646F9ABD77885B07358E
                                                                                                                                                                                                SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                                                                                                                                                                                                SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                                                                                                                                                                                                SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):844784
                                                                                                                                                                                                Entropy (8bit):6.625808732261156
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                                                                                                                                                                                                MD5:2F6D88F8EC3047DEAF174002228219AB
                                                                                                                                                                                                SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                                                                                                                                                                                                SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                                                                                                                                                                                                SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):754672
                                                                                                                                                                                                Entropy (8bit):6.6323155845799695
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                                                                                                                                                                                                MD5:6407499918557594916C6AB1FFEF1E99
                                                                                                                                                                                                SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                                                                                                                                                                                                SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                                                                                                                                                                                                SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):482288
                                                                                                                                                                                                Entropy (8bit):6.152380961313931
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                                                                                                                                                                                                MD5:1EDCB08C16D30516483A4CBB7D81E062
                                                                                                                                                                                                SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                                                                                                                                                                                                SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                                                                                                                                                                                                SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1477104
                                                                                                                                                                                                Entropy (8bit):6.575113537540671
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                                                                                                                                                                                                MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                                                                                                                                                                                                SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                                                                                                                                                                                                SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                                                                                                                                                                                                SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68592
                                                                                                                                                                                                Entropy (8bit):6.125954940500008
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                                                                                                                                                                                                MD5:F66F6E9EDA956F72E3BB113407035E61
                                                                                                                                                                                                SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                                                                                                                                                                                                SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                                                                                                                                                                                                SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):144368
                                                                                                                                                                                                Entropy (8bit):6.294675868932723
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                                                                                                                                                                                                MD5:53A85F51054B7D58D8AD7C36975ACB96
                                                                                                                                                                                                SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                                                                                                                                                                                                SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                                                                                                                                                                                                SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):130
                                                                                                                                                                                                Entropy (8bit):4.024232093209084
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
                                                                                                                                                                                                MD5:8FF05B56C0995F90A80B7064AA6E915C
                                                                                                                                                                                                SHA1:D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
                                                                                                                                                                                                SHA-256:A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
                                                                                                                                                                                                SHA-512:5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.6813848812976975
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
                                                                                                                                                                                                MD5:466EED6C184D2055488D4C5EA9AE5F20
                                                                                                                                                                                                SHA1:8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
                                                                                                                                                                                                SHA-256:9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
                                                                                                                                                                                                SHA-512:D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.631479835393124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
                                                                                                                                                                                                MD5:6FBA66FE449866B478A2EBA66A724A02
                                                                                                                                                                                                SHA1:EBEF6ED8460218CE8DF735659A8CBCD693600AC6
                                                                                                                                                                                                SHA-256:171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
                                                                                                                                                                                                SHA-512:2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):157
                                                                                                                                                                                                Entropy (8bit):3.7483537099309427
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
                                                                                                                                                                                                MD5:D033053C03C3ECFA2AA926E0E674F67F
                                                                                                                                                                                                SHA1:B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
                                                                                                                                                                                                SHA-256:3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
                                                                                                                                                                                                SHA-512:2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
                                                                                                                                                                                                MD5:E6A683F4A0883B5B0C7D30B847EF208C
                                                                                                                                                                                                SHA1:FF2440DBBFE04AD86C6F285426AAFD49A895B128
                                                                                                                                                                                                SHA-256:B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
                                                                                                                                                                                                SHA-512:D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
                                                                                                                                                                                                MD5:06168E1261BF72F49F94927723B2E1EB
                                                                                                                                                                                                SHA1:DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
                                                                                                                                                                                                SHA-256:5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
                                                                                                                                                                                                SHA-512:AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                Entropy (8bit):4.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`...
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.6070658648473097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
                                                                                                                                                                                                MD5:EE47DFADBA4414FDC051C5CFBE71DDC1
                                                                                                                                                                                                SHA1:DE650E96A9C130D35F8A498202773EF7FC875D27
                                                                                                                                                                                                SHA-256:E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
                                                                                                                                                                                                SHA-512:8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):293121
                                                                                                                                                                                                Entropy (8bit):5.272179385890926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
                                                                                                                                                                                                MD5:F9C3624197ACB30A9E6CC799BB65BED6
                                                                                                                                                                                                SHA1:D715EAE24387DE15588F68C92991A93FAFB5EEAB
                                                                                                                                                                                                SHA-256:B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
                                                                                                                                                                                                SHA-512:199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):117
                                                                                                                                                                                                Entropy (8bit):3.739162292019161
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
                                                                                                                                                                                                MD5:72882942B07B8AAC98034016E752B1A0
                                                                                                                                                                                                SHA1:BF23B4C136B863B10E770019A2DF62FC988859DF
                                                                                                                                                                                                SHA-256:048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
                                                                                                                                                                                                SHA-512:403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.680458675741643
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
                                                                                                                                                                                                MD5:3C45C665CFE036A7474CB4DCBB13CF40
                                                                                                                                                                                                SHA1:62312DFF3C4CD38BAE8456C981601D0D89600F63
                                                                                                                                                                                                SHA-256:8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
                                                                                                                                                                                                SHA-512:21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70
                                                                                                                                                                                                Entropy (8bit):4.463523104731333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
                                                                                                                                                                                                MD5:A8D55457C0413893F746D40B637F9C93
                                                                                                                                                                                                SHA1:25123615482947772176E055E4A74043B2FBCAA0
                                                                                                                                                                                                SHA-256:49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
                                                                                                                                                                                                SHA-512:99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):323590
                                                                                                                                                                                                Entropy (8bit):4.568068046062524
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
                                                                                                                                                                                                MD5:0661FFABFBC50187F3BA38876B721946
                                                                                                                                                                                                SHA1:EB5E7205355CFC6BCB4DF27E224079842C97B296
                                                                                                                                                                                                SHA-256:204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
                                                                                                                                                                                                SHA-512:65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):83
                                                                                                                                                                                                Entropy (8bit):3.880645689209568
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
                                                                                                                                                                                                MD5:DD5C2C6B148F2DB3E666B859776AE129
                                                                                                                                                                                                SHA1:8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
                                                                                                                                                                                                SHA-256:C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
                                                                                                                                                                                                SHA-512:2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8743
                                                                                                                                                                                                Entropy (8bit):5.189558605179696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
                                                                                                                                                                                                MD5:CCD39A7C8139AD041E31B3E5D40968B4
                                                                                                                                                                                                SHA1:5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
                                                                                                                                                                                                SHA-256:222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
                                                                                                                                                                                                SHA-512:9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10599
                                                                                                                                                                                                Entropy (8bit):5.192287379770591
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
                                                                                                                                                                                                MD5:5538049DA3A1D1D724AB6E11D2E2EDBE
                                                                                                                                                                                                SHA1:7256BE390B88A053C0252488C443BE42F6F2D92A
                                                                                                                                                                                                SHA-256:CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
                                                                                                                                                                                                SHA-512:DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7444
                                                                                                                                                                                                Entropy (8bit):4.580794980254807
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
                                                                                                                                                                                                MD5:66722ED97BCBFD3DAE3C8264413859AB
                                                                                                                                                                                                SHA1:400A93B213FCF9BBC9785881EA82ADB9F444CD6C
                                                                                                                                                                                                SHA-256:ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
                                                                                                                                                                                                SHA-512:B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15297
                                                                                                                                                                                                Entropy (8bit):4.708378368926237
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
                                                                                                                                                                                                MD5:ED228F0F60AE9AEC28AB9171D5AE9590
                                                                                                                                                                                                SHA1:7F061CF0C699D125A5531E3480C21964452F45EA
                                                                                                                                                                                                SHA-256:4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
                                                                                                                                                                                                SHA-512:794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4795
                                                                                                                                                                                                Entropy (8bit):4.530246422531362
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
                                                                                                                                                                                                MD5:1D09BEE1FB55A173F7EB39B9A662A170
                                                                                                                                                                                                SHA1:C77F0A148262A91679F19689E4790B754D45D5D5
                                                                                                                                                                                                SHA-256:6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
                                                                                                                                                                                                SHA-512:BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7570
                                                                                                                                                                                                Entropy (8bit):4.550982634910665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
                                                                                                                                                                                                MD5:3B070D169E3381E2FB081172934AAD00
                                                                                                                                                                                                SHA1:70886EB7EF566B296D0814BD4C2440AC176699D6
                                                                                                                                                                                                SHA-256:9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
                                                                                                                                                                                                SHA-512:271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                Entropy (8bit):4.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10704
                                                                                                                                                                                                Entropy (8bit):4.481291573289571
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
                                                                                                                                                                                                MD5:9EDF433AB9EE5FC7CF7782370150B26A
                                                                                                                                                                                                SHA1:A918AE15A0DF187C7789BE8599A80E279F039964
                                                                                                                                                                                                SHA-256:FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
                                                                                                                                                                                                SHA-512:88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10922
                                                                                                                                                                                                Entropy (8bit):4.459946393010639
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
                                                                                                                                                                                                MD5:D520C7F85CC06C66715A2B6622BF0687
                                                                                                                                                                                                SHA1:47292D068172FBC9DC0D9BE2F479E890A37CE138
                                                                                                                                                                                                SHA-256:687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
                                                                                                                                                                                                SHA-512:736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10891
                                                                                                                                                                                                Entropy (8bit):4.5087667371046205
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
                                                                                                                                                                                                MD5:B62C74793741FC386332A59113E8D412
                                                                                                                                                                                                SHA1:589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
                                                                                                                                                                                                SHA-256:7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
                                                                                                                                                                                                SHA-512:D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10284
                                                                                                                                                                                                Entropy (8bit):4.674501432335502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
                                                                                                                                                                                                MD5:5A56E9E2ED6ECE3F249D1C2A7EB3B172
                                                                                                                                                                                                SHA1:D6F079F40FBB813B0293C1D2210BAE7084092FEC
                                                                                                                                                                                                SHA-256:70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
                                                                                                                                                                                                SHA-512:28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10612
                                                                                                                                                                                                Entropy (8bit):4.458970627057882
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
                                                                                                                                                                                                MD5:3639B57B463987F6DB07629253ACD8BF
                                                                                                                                                                                                SHA1:65935A67C73F19FCF6023FB95030A5ACAF9DA21C
                                                                                                                                                                                                SHA-256:316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
                                                                                                                                                                                                SHA-512:AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7917
                                                                                                                                                                                                Entropy (8bit):5.680408580146589
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
                                                                                                                                                                                                MD5:1380A9352C476071BDA5A5D4FED0B6C5
                                                                                                                                                                                                SHA1:9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
                                                                                                                                                                                                SHA-256:AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
                                                                                                                                                                                                SHA-512:EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5708
                                                                                                                                                                                                Entropy (8bit):5.698914195742074
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
                                                                                                                                                                                                MD5:CD15674A652C2BF435F7578E119182F8
                                                                                                                                                                                                SHA1:AEA22E4A0D21396733802C7AB738DDD03737B7D6
                                                                                                                                                                                                SHA-256:F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
                                                                                                                                                                                                SHA-512:88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9673
                                                                                                                                                                                                Entropy (8bit):4.622652249027856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
                                                                                                                                                                                                MD5:2B68446B69D9AA40B273D75A581D2992
                                                                                                                                                                                                SHA1:8A09BD38998543B74E2673478EDD54FB4BBDD068
                                                                                                                                                                                                SHA-256:CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
                                                                                                                                                                                                SHA-512:F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7288
                                                                                                                                                                                                Entropy (8bit):5.297177914619657
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
                                                                                                                                                                                                MD5:794AF445A5D7082D51BD22683449F86D
                                                                                                                                                                                                SHA1:3A0C369872B112A1572AA17EEB814B168B225D98
                                                                                                                                                                                                SHA-256:557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
                                                                                                                                                                                                SHA-512:D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10388
                                                                                                                                                                                                Entropy (8bit):4.70568613551943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
                                                                                                                                                                                                MD5:75C94E59F1FC5312AE25381C247AF992
                                                                                                                                                                                                SHA1:E3E5F4582CC5FAFE6DF43644D11484861023C084
                                                                                                                                                                                                SHA-256:F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
                                                                                                                                                                                                SHA-512:959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10363
                                                                                                                                                                                                Entropy (8bit):4.613473842638716
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
                                                                                                                                                                                                MD5:3B0AEE27B193A8A563C5CB5C7C4FE60F
                                                                                                                                                                                                SHA1:C94E832595EC765370553468F87C02DB7E7D138A
                                                                                                                                                                                                SHA-256:2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
                                                                                                                                                                                                SHA-512:EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4629
                                                                                                                                                                                                Entropy (8bit):4.68793836539357
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
                                                                                                                                                                                                MD5:32D6EE3D8EE6408A03E568B972F93BCB
                                                                                                                                                                                                SHA1:582EE079DBD42000C378E0701D26405750524DBA
                                                                                                                                                                                                SHA-256:EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
                                                                                                                                                                                                SHA-512:24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9750
                                                                                                                                                                                                Entropy (8bit):5.281035122342072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
                                                                                                                                                                                                MD5:90A776917D534B65942063C319573CDC
                                                                                                                                                                                                SHA1:5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
                                                                                                                                                                                                SHA-256:497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
                                                                                                                                                                                                SHA-512:B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6441
                                                                                                                                                                                                Entropy (8bit):5.790303416386852
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
                                                                                                                                                                                                MD5:9297A6905B8B1823BF7E318D9138A104
                                                                                                                                                                                                SHA1:3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
                                                                                                                                                                                                SHA-256:C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
                                                                                                                                                                                                SHA-512:01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9301
                                                                                                                                                                                                Entropy (8bit):5.80411750798786
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
                                                                                                                                                                                                MD5:47C3328D3918CF627112BB6C50E30B86
                                                                                                                                                                                                SHA1:05705603AB3F28402A6C103E1C41DDFF21D140C0
                                                                                                                                                                                                SHA-256:3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
                                                                                                                                                                                                SHA-512:8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):146
                                                                                                                                                                                                Entropy (8bit):3.6255640074603277
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
                                                                                                                                                                                                MD5:5A46979B45C67DD6312F33CCEA2ED7BC
                                                                                                                                                                                                SHA1:4C56836B1FB10D9903B299CBCB925947D515B4C8
                                                                                                                                                                                                SHA-256:BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
                                                                                                                                                                                                SHA-512:BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):3.5752972123113778
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
                                                                                                                                                                                                MD5:2BB8C94D420D3BC344C79A01043BDC89
                                                                                                                                                                                                SHA1:3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
                                                                                                                                                                                                SHA-256:9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
                                                                                                                                                                                                SHA-512:C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):146
                                                                                                                                                                                                Entropy (8bit):3.599979504080125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
                                                                                                                                                                                                MD5:8A1EE3433304838CCD0EBE0A825E84D8
                                                                                                                                                                                                SHA1:2B3476588350C5384E0F9A51FF2E3659E89B4846
                                                                                                                                                                                                SHA-256:23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
                                                                                                                                                                                                SHA-512:2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):146
                                                                                                                                                                                                Entropy (8bit):3.652277257665055
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
                                                                                                                                                                                                MD5:7B2659AF52B824EAC6C169CDD9467EE9
                                                                                                                                                                                                SHA1:5727109218B222E3B654A8CC9933E970EB7C2118
                                                                                                                                                                                                SHA-256:4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
                                                                                                                                                                                                SHA-512:E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):165383
                                                                                                                                                                                                Entropy (8bit):4.805977227348512
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
                                                                                                                                                                                                MD5:8992B652D1499F5D2F12674F3F875A35
                                                                                                                                                                                                SHA1:E22766A49612F79156C550D83C6C230345DDA433
                                                                                                                                                                                                SHA-256:47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
                                                                                                                                                                                                SHA-512:9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):89
                                                                                                                                                                                                Entropy (8bit):4.156834975253888
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
                                                                                                                                                                                                MD5:19F1B919BB531E9E12E7F707BEBD8497
                                                                                                                                                                                                SHA1:46E82683CEA28D877C73A5CE02F965BB1130FC62
                                                                                                                                                                                                SHA-256:03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
                                                                                                                                                                                                SHA-512:901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):161
                                                                                                                                                                                                Entropy (8bit):3.8693516202048612
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
                                                                                                                                                                                                MD5:D71EA9FEFD97464B178235150EC8759E
                                                                                                                                                                                                SHA1:61026FE602FD1B8B442A0D341C6BD759EEC75488
                                                                                                                                                                                                SHA-256:BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
                                                                                                                                                                                                SHA-512:ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70334
                                                                                                                                                                                                Entropy (8bit):4.732724622610353
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
                                                                                                                                                                                                MD5:6656500F7A28EF820AE9F97FD47FB5BB
                                                                                                                                                                                                SHA1:CC112B9C9513BCF7497F3417168B4C8A9F7640A9
                                                                                                                                                                                                SHA-256:2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
                                                                                                                                                                                                SHA-512:5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):164
                                                                                                                                                                                                Entropy (8bit):3.984562388316898
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
                                                                                                                                                                                                MD5:F7A8C75408B9A34A2B185E76F51B7B85
                                                                                                                                                                                                SHA1:065E987139C5FB809A6F9CDF3845BCD79707FDBB
                                                                                                                                                                                                SHA-256:6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
                                                                                                                                                                                                SHA-512:E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):157
                                                                                                                                                                                                Entropy (8bit):3.7731953311404336
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
                                                                                                                                                                                                MD5:24C179481B5EF574F33E983A62A34D53
                                                                                                                                                                                                SHA1:0A67F1ED8CA4A5182F504806F8D47D499789F2D2
                                                                                                                                                                                                SHA-256:B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
                                                                                                                                                                                                SHA-512:4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):228428
                                                                                                                                                                                                Entropy (8bit):4.726953418955661
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
                                                                                                                                                                                                MD5:D35A0FE35476BE8BD149CEE46E42B5E9
                                                                                                                                                                                                SHA1:9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
                                                                                                                                                                                                SHA-256:C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
                                                                                                                                                                                                SHA-512:BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65851
                                                                                                                                                                                                Entropy (8bit):4.7906769989650515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
                                                                                                                                                                                                MD5:0E85E0E0E7DDFE3D4BDE302F27047F9C
                                                                                                                                                                                                SHA1:AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
                                                                                                                                                                                                SHA-256:4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
                                                                                                                                                                                                SHA-512:8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):110
                                                                                                                                                                                                Entropy (8bit):3.630483009136986
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
                                                                                                                                                                                                MD5:16CDF5B9D48B0F795D532A0D07F5C3A0
                                                                                                                                                                                                SHA1:6E403C9096B3051973E2B681DFEBBC8DD024830D
                                                                                                                                                                                                SHA-256:F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
                                                                                                                                                                                                SHA-512:36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):164
                                                                                                                                                                                                Entropy (8bit):4.021402900389864
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
                                                                                                                                                                                                MD5:9B101363343847FE42167183320C03F0
                                                                                                                                                                                                SHA1:F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
                                                                                                                                                                                                SHA-256:F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
                                                                                                                                                                                                SHA-512:DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):117347
                                                                                                                                                                                                Entropy (8bit):5.8593733369029195
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
                                                                                                                                                                                                MD5:0D02F0DE5A12BCB338B7042DFBDAACF3
                                                                                                                                                                                                SHA1:B7C10D249D8986AD8C6939B370407D07227A39F5
                                                                                                                                                                                                SHA-256:28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
                                                                                                                                                                                                SHA-512:21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):141
                                                                                                                                                                                                Entropy (8bit):3.7198292994386235
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
                                                                                                                                                                                                MD5:ED4135D705AEF3D97F8BF6B8FF11F09C
                                                                                                                                                                                                SHA1:308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
                                                                                                                                                                                                SHA-256:751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
                                                                                                                                                                                                SHA-512:B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):160017
                                                                                                                                                                                                Entropy (8bit):5.35627970915292
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
                                                                                                                                                                                                MD5:A7E4D0BA0FC5DF07F62CC66EC9878979
                                                                                                                                                                                                SHA1:21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
                                                                                                                                                                                                SHA-256:E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
                                                                                                                                                                                                SHA-512:D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):165337
                                                                                                                                                                                                Entropy (8bit):5.332219158085151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                                MD5:660413AD666A6B31A1ACF8F216781D6E
                                                                                                                                                                                                SHA1:654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
                                                                                                                                                                                                SHA-256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
                                                                                                                                                                                                SHA-512:C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):210159
                                                                                                                                                                                                Entropy (8bit):4.666388181115542
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
                                                                                                                                                                                                MD5:B383F6D4B9EEA51C065E73ECB95BBD23
                                                                                                                                                                                                SHA1:DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
                                                                                                                                                                                                SHA-256:52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
                                                                                                                                                                                                SHA-512:9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174701
                                                                                                                                                                                                Entropy (8bit):4.87192387061682
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
                                                                                                                                                                                                MD5:C57D0DE9D8458A5BEB2114E47B0FDE47
                                                                                                                                                                                                SHA1:3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
                                                                                                                                                                                                SHA-256:03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
                                                                                                                                                                                                SHA-512:F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):181387
                                                                                                                                                                                                Entropy (8bit):4.755193800761075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
                                                                                                                                                                                                MD5:859CE522A233AF31ED8D32822DA7755B
                                                                                                                                                                                                SHA1:70B19B2A6914DA7D629F577F8987553713CD5D3F
                                                                                                                                                                                                SHA-256:7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
                                                                                                                                                                                                SHA-512:F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):220467
                                                                                                                                                                                                Entropy (8bit):4.626295310482312
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
                                                                                                                                                                                                MD5:40760A3456C9C8ABE6EA90336AF5DA01
                                                                                                                                                                                                SHA1:B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
                                                                                                                                                                                                SHA-256:553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
                                                                                                                                                                                                SHA-512:068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                Entropy (8bit):4.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):165170
                                                                                                                                                                                                Entropy (8bit):4.679910767547088
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                                MD5:C7C58A6D683797BFDD3EF676A37E2A40
                                                                                                                                                                                                SHA1:809E580CDBF2FFDA10C77F8BE9BAC081978C102B
                                                                                                                                                                                                SHA-256:4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
                                                                                                                                                                                                SHA-512:C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):179941
                                                                                                                                                                                                Entropy (8bit):4.720938209922096
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                                MD5:8472CF0BF6C659177AD45AA9E3A3247C
                                                                                                                                                                                                SHA1:7B5313CDA126BB7863001499FB66FB1B56C255FC
                                                                                                                                                                                                SHA-256:E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
                                                                                                                                                                                                SHA-512:DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):166167
                                                                                                                                                                                                Entropy (8bit):4.685212271435657
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                                MD5:1F41FF5D3A781908A481C07B35998729
                                                                                                                                                                                                SHA1:ECF3B3156FFE14569ECDF805CF3BE12F29681261
                                                                                                                                                                                                SHA-256:EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
                                                                                                                                                                                                SHA-512:A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):189580
                                                                                                                                                                                                Entropy (8bit):4.630160941635514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                                MD5:EB1FB93B0BE51C2AD78FC7BA2F8B9F42
                                                                                                                                                                                                SHA1:24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
                                                                                                                                                                                                SHA-256:63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
                                                                                                                                                                                                SHA-512:E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):138690
                                                                                                                                                                                                Entropy (8bit):5.515748942553918
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
                                                                                                                                                                                                MD5:DEAF87D45EE87794AB2DC821F250A87A
                                                                                                                                                                                                SHA1:DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
                                                                                                                                                                                                SHA-256:E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
                                                                                                                                                                                                SHA-512:276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):160494
                                                                                                                                                                                                Entropy (8bit):4.831791320613137
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
                                                                                                                                                                                                MD5:E9D302A698B9272BDA41D6DE1D8313FB
                                                                                                                                                                                                SHA1:BBF35C04177CF290B43F7D2533BE44A15D929D02
                                                                                                                                                                                                SHA-256:C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
                                                                                                                                                                                                SHA-512:12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):161172
                                                                                                                                                                                                Entropy (8bit):4.680034416311688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
                                                                                                                                                                                                MD5:88D040696DE3D068F91E0BF000A9EC3E
                                                                                                                                                                                                SHA1:F978B265E50D14FDDE9693EC96E99B636997B74D
                                                                                                                                                                                                SHA-256:7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
                                                                                                                                                                                                SHA-512:F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):129911
                                                                                                                                                                                                Entropy (8bit):5.802855391832282
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                                MD5:608B80932119D86503CDDCB1CA7F98BA
                                                                                                                                                                                                SHA1:7F440399ABA23120F40F6F4FCAE966D621A1CC67
                                                                                                                                                                                                SHA-256:CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
                                                                                                                                                                                                SHA-512:424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):156799
                                                                                                                                                                                                Entropy (8bit):5.859529082176036
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
                                                                                                                                                                                                MD5:082E361CBAC2E3A0849F87B76EF6E121
                                                                                                                                                                                                SHA1:F10E882762DCD2E60041BDD6CC57598FC3DF4343
                                                                                                                                                                                                SHA-256:0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
                                                                                                                                                                                                SHA-512:F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153608
                                                                                                                                                                                                Entropy (8bit):4.843805801051326
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
                                                                                                                                                                                                MD5:BD8BDC7BBDB7A80C56DCB61B1108961D
                                                                                                                                                                                                SHA1:9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
                                                                                                                                                                                                SHA-256:846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
                                                                                                                                                                                                SHA-512:F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):162982
                                                                                                                                                                                                Entropy (8bit):4.841899887077422
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                                MD5:F9475A909A0BAF4B6B7A1937D58293C3
                                                                                                                                                                                                SHA1:76B97225A11DD1F77CAC6EF144812F91BD8734BD
                                                                                                                                                                                                SHA-256:CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
                                                                                                                                                                                                SHA-512:8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):203767
                                                                                                                                                                                                Entropy (8bit):5.362551648909705
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
                                                                                                                                                                                                MD5:5096AD2743BF89A334FBA6A2964300D4
                                                                                                                                                                                                SHA1:405F45361A537C7923C240D51B0FF1C46621C203
                                                                                                                                                                                                SHA-256:3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
                                                                                                                                                                                                SHA-512:7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):125763
                                                                                                                                                                                                Entropy (8bit):4.80343609423322
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
                                                                                                                                                                                                MD5:3D60E50DCBCBD70EE699BC9B1524FCB9
                                                                                                                                                                                                SHA1:0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
                                                                                                                                                                                                SHA-256:D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
                                                                                                                                                                                                SHA-512:F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):194487
                                                                                                                                                                                                Entropy (8bit):4.877239354585035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
                                                                                                                                                                                                MD5:6CBC5D8E1EABEC96C281065ECC51E35E
                                                                                                                                                                                                SHA1:4E1E6BA3772428227CB033747006B4887E5D9AD1
                                                                                                                                                                                                SHA-256:6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
                                                                                                                                                                                                SHA-512:CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):158274
                                                                                                                                                                                                Entropy (8bit):5.402056706327934
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                                MD5:D6234E4E21021102B021744D5FA22346
                                                                                                                                                                                                SHA1:63A14327D0CF0941D6D6B58BFA7E8B10337F557B
                                                                                                                                                                                                SHA-256:51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
                                                                                                                                                                                                SHA-512:37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Qt Translation file
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):127849
                                                                                                                                                                                                Entropy (8bit):5.83455389078597
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
                                                                                                                                                                                                MD5:9C6A3721D01ECAF3F952CE96F46CE046
                                                                                                                                                                                                SHA1:4A944E9E31DF778F7012D8E4A66497583BFD2118
                                                                                                                                                                                                SHA-256:085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
                                                                                                                                                                                                SHA-512:6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2483712
                                                                                                                                                                                                Entropy (8bit):6.241719144701645
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
                                                                                                                                                                                                MD5:678FA1496FFDEA3A530FA146DEDCDBCC
                                                                                                                                                                                                SHA1:C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
                                                                                                                                                                                                SHA-256:D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
                                                                                                                                                                                                SHA-512:8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2494976
                                                                                                                                                                                                Entropy (8bit):6.232020603277999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
                                                                                                                                                                                                MD5:AE182C36F5839BADDC9DCB71192CFA7A
                                                                                                                                                                                                SHA1:C9FA448981BA61343C7D7DECACAE300CAD416957
                                                                                                                                                                                                SHA-256:A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
                                                                                                                                                                                                SHA-512:8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5144576
                                                                                                                                                                                                Entropy (8bit):6.262739223310643
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
                                                                                                                                                                                                MD5:E8C3BFBC19378E541F5F569E2023B7AA
                                                                                                                                                                                                SHA1:ACA007030C1CEE45CBC692ADCB8BCB29665792BA
                                                                                                                                                                                                SHA-256:A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
                                                                                                                                                                                                SHA-512:9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):120320
                                                                                                                                                                                                Entropy (8bit):6.0349394662157145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ePdh61lfwIRCUFdGilHYdKgez56BBDp/AtX6WRB/c95Vvmv2jBxPX:CmLw1mdGilHdgfBt/Gb/I5VW2jP
                                                                                                                                                                                                MD5:F57134D35976C48FFB955DF1739AF5D4
                                                                                                                                                                                                SHA1:C1B3A81352E462D4ECC33EE5119B882D657BED2F
                                                                                                                                                                                                SHA-256:9E91B237E2AA69C0C7E268F072999BB0319B04513C9FC97AB7C4371E642375D2
                                                                                                                                                                                                SHA-512:DB385592876F489460023F2D02FC80635FE4F9746ECD99C8C7622399A34EA43EF631D3668429AD4E8F69552A5C386BBF12F3805A9101F7EB70337CE23E65C80B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):119888
                                                                                                                                                                                                Entropy (8bit):6.600983758182253
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:dI2v39UXigCBs29DdxfggO6vMMKZsY2ofRjoecbdhUwdJTzmZhTzC:diwskD8B6vMMEs5oGecbd2wHT0Te
                                                                                                                                                                                                MD5:CAF9EDDED91C1F6C0022B278C16679AA
                                                                                                                                                                                                SHA1:4812DA5EB86A93FB0ADC5BB60A4980EE8B0AD33A
                                                                                                                                                                                                SHA-256:02C6AA0E6E624411A9F19B0360A7865AB15908E26024510E5C38A9C08362C35A
                                                                                                                                                                                                SHA-512:32AC84642A9656609C45A6B649B222829BE572B5FDEB6D5D93ACEA203E02816CF6C06063334470E8106871BDC9F2F3C7F0D1D3E554DA1832BA1490F644E18362
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):49640
                                                                                                                                                                                                Entropy (8bit):6.698209069449079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:IzzO6ujT3MbR3vXCz6S5Mq83yJ9d3+DuO9zUgElq9z6m:Fq/XuA3o9dgzUZWz5
                                                                                                                                                                                                MD5:2BD576CBC5CB712935EB1B10E4D312F5
                                                                                                                                                                                                SHA1:DFA7A46012483837F47D8C870973A2DEA786D9FF
                                                                                                                                                                                                SHA-256:7DD9AA02E271C68CA6D5F18D651D23A15D7259715AF43326578F7DDE27F37637
                                                                                                                                                                                                SHA-512:ABBD3EB628D5B7809F49AE08E2436AF3D1B69F8A38DE71EDE3D0CB6E771C7758E35986A0DC0743B763AD91FD8190084EE5A5FBE1AC6159EB03690CCC14C64542
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):759064
                                                                                                                                                                                                Entropy (8bit):6.032889127123513
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:0Iut1neYyd3pZ3bAHhlyE8ZXTw05nmZfR7+:0IanNyZ3bAoiAmZfR7
                                                                                                                                                                                                MD5:C8B9EEED583B3F8834B0CBD644A3BC27
                                                                                                                                                                                                SHA1:1A505F4BF58AEB999988F5382C3484CCAA628E03
                                                                                                                                                                                                SHA-256:347E02DA1E217ABAF79327EE926156942355E6C7C076E50C69C2F4DA0AD1B6FF
                                                                                                                                                                                                SHA-512:E62D6CD26D6AF9DA6FB56A36F1ABA21EC1C4524288F2C4C36C431066DB4CCD32A11A9FAD07878C475D74455EA77D3C7383138C27A94EEA4B767EC66F844D746D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36112
                                                                                                                                                                                                Entropy (8bit):6.489679370004555
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:5J/LccdJwoeTxf0IWIvCV35YivKdbU2EP:3omCT90IWIvCVp7Sm9
                                                                                                                                                                                                MD5:E35A1103E49B46B7B27D71AE44EC445D
                                                                                                                                                                                                SHA1:D07417A41FB9291A6C8D1A24F170912A1DA60120
                                                                                                                                                                                                SHA-256:CE316D62C4BB44E063BDC0F72ED710E39E5436D71B1E09E72FD0E5165C5FF8D9
                                                                                                                                                                                                SHA-512:94A8DC6E76F494489AF3C3A2153AF19E87B64DE54E2FD8290ADC3C27DA5DB1DE6840D402CE281EA0E4E74A3688827FF0C33AC1D05932CA027CB48AFD2A8AA1BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):195856
                                                                                                                                                                                                Entropy (8bit):6.348842947307713
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XtPMUTQq8JM5SUXm/Ey18+wNz+zdJh1nveqWeKS7BSSTL7KElgRlkHGAt:XdMXqpSUXm8yG+znnBW3cSSTLOEWRlBs
                                                                                                                                                                                                MD5:648D8AC4471067EB8B4ADF7C004734D3
                                                                                                                                                                                                SHA1:0CA0C242F59F2EE29C22AF308BFCE19A425CD720
                                                                                                                                                                                                SHA-256:AE5D686C6AC957FF5DF119937A554CDEBD7A8838A077004523A5BD1D673336AF
                                                                                                                                                                                                SHA-512:13AF9E87B5F18F047B4FDE0FF876FFDDEB08A69169A7B6B057B7C4E272F5E72B702D60EF36FC6EF6CE778B47B170A257864CA1CB5B43189293F639CDF5DC4D1E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):133904
                                                                                                                                                                                                Entropy (8bit):6.131067721780452
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:nsAEallnXW8g9DgTNEffYxrV7ODaRnIvLPUGE:nsE9G5kSffYxhKDaYE
                                                                                                                                                                                                MD5:4C8275E2069BC348C33C624D69BFEFE1
                                                                                                                                                                                                SHA1:3C6A70AE6D6F8EC9341E42688ADB066B1E64225A
                                                                                                                                                                                                SHA-256:BB4AB3EBFCD442AB75425A3DEB0F4CA5EE4305858F862848F3DDFAA41691F8C5
                                                                                                                                                                                                SHA-512:604B981474A02367A73A32DCC179E0BF4B0ABFD9B054032422A11A2A2D708FD80BF7898EE09E3472AC272FD9DC951B609EE3E7083B74CE8A98E68C8E15C69504
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):306448
                                                                                                                                                                                                Entropy (8bit):6.580350394996573
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:DzF3ZuVZtua7+DTUV1J/gqsaiWIgvw8qqFJ3X+W5AuZtlcdC:DzF3ZuZ5+DTUjtRsaigR3Gw
                                                                                                                                                                                                MD5:0478F88D2CC0035D71949BD078CA56CF
                                                                                                                                                                                                SHA1:81331D264BE374C415A5B84D85CC35D2C8B2B790
                                                                                                                                                                                                SHA-256:A6372AD5020F22B41A74CC1CF0A246C922FE5AD95CC093EC5C3AA1C8C6D8BA88
                                                                                                                                                                                                SHA-512:E1B473CD97C8B66AE20C204150C8E8568CF29CC8FC7F3796D150D3CFCA709FD012E05AA51E58357920184402DD289DA35587326A36BB3B30FEAD392D5B346462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):62736
                                                                                                                                                                                                Entropy (8bit):6.222383881142443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:oQRAa29/1dWd76o4ue6FW545ILZTc8fzu0IOIvOIt5YivKDM2E9:PAD9ddWwiWu5ETcAu0IOIvOIz7SDMr
                                                                                                                                                                                                MD5:7DBA61773D615D87CE8AE3D83E6A6AAC
                                                                                                                                                                                                SHA1:261230B27ED89B9FF19BF379E2FCEFEF5F15D502
                                                                                                                                                                                                SHA-256:8BA3C84887A20AA37FC6ABB3827C2E263B5C624BF48D66E7911A55BA0A23A6C1
                                                                                                                                                                                                SHA-512:159429AF11EDF9CCFB3190A9288DDE6001866B1F4C11BB805A954548BFFDBFCBF5ECF14AD97B570788BCFE02359BDAAC0BF16337969DDEA37B6C7A7EDBAC73EB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):48912
                                                                                                                                                                                                Entropy (8bit):6.464987590087496
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Fy9T/fEYzBD1wZBYwWyWx0+cQb0m6O3XKc3fb+csVYC9KS0IWIvZ125YivKB2Ek3:FyZHEYzpWH60+uEXnfb+NVYs0IWIvZ1y
                                                                                                                                                                                                MD5:699977AD2B533E348C009108FC8DBBC5
                                                                                                                                                                                                SHA1:8AF8B6622FCB6E3BA7E57320E017254F59C7255B
                                                                                                                                                                                                SHA-256:A4B308D6B2AF4CC2D3102FC9F29725A0D34773A24A1824FE08C7843F4274B574
                                                                                                                                                                                                SHA-512:8B81F873DD68F8F792DDF41D905A1DC0993BC184A43E80C2777EC6057310BF42BCBACA647BA94586FBF7D9C6517BCEF3DF07C4B99DE2ED68DB6EC2CE63BCE942
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35088
                                                                                                                                                                                                Entropy (8bit):6.445254727687256
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Jf6FigZfxOK8il0u1/v0IeIvWtX5YivKo2Ek:rgu3il0uBv0IeIvWtJ7Soq
                                                                                                                                                                                                MD5:62B3B95305D8DFACDF4F29CD980291E1
                                                                                                                                                                                                SHA1:9A49F9B6D1C237A424457D9D51B08819CED3EC54
                                                                                                                                                                                                SHA-256:8E035BA34EA1B60B200012152F62861E690A26C386D4E8267E12F1AE6789F540
                                                                                                                                                                                                SHA-512:1BA6ECE0C245AEB951BC968308C34DEBB97810453D47C5A69F012B4B371F2B3C5F635EF26A9641F57A3494CB3FCA93349F82A0FFA8E7461B8999D812BDDAD254
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32016
                                                                                                                                                                                                Entropy (8bit):6.523181606209864
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:hjqm2/vj+GqmWBXWxI365Y6rrz1crYiQja0sjyIvQUFHQIYivyzSE5wSJIVE8E9l:dlr3V6rrz1720IyIvQUp5YivKLb2Exp
                                                                                                                                                                                                MD5:29143CE4D2784F7977175FD48C3F2337
                                                                                                                                                                                                SHA1:94D76CE5BAA4157B519DB2796DA80F39BB17FDC1
                                                                                                                                                                                                SHA-256:A072EFC1FAD616CEBFDF8C59E92C05C695E082DBDFF5100410756F8E022CA0E9
                                                                                                                                                                                                SHA-512:F4A23F0093C713C5AE7D5A5CA3AB728DC02CE8FF5E6A1E5B16AF10F3A9223D5C9018130B597BE3155515E553BAF2D8D133398BEB2C7B29DA9DA9382BB6E3E82D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):85264
                                                                                                                                                                                                Entropy (8bit):6.332624074953814
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:V9m9bNVhef9RkcnVyMsx9/s+S+BzPFWmIHJk8HZS0IyIvLw3K7Sp9:V9sbNVIwcnVyMsx9/sT+BzNxIpTRnIvq
                                                                                                                                                                                                MD5:7F089CFF7FEC6BB8162051CE43819C01
                                                                                                                                                                                                SHA1:B38EE8A470B3A98D35904101C4753C80A0774836
                                                                                                                                                                                                SHA-256:620E2719BDD4E518B927037FDEB8CE4F0F836962D84F8E375D784BB2C0515798
                                                                                                                                                                                                SHA-512:BC954F30410015875714365D0CF4E3C40F5C31675F588E48C10F763FFB55D168341E33F8C01E8B282F077AF6798B2488A4F51A5E626B453289E10ADCDD3D3126
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):182032
                                                                                                                                                                                                Entropy (8bit):5.967289504993549
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:e/7Ua9Kdt7ULAFpwd65QsAIYnvu0kKuFBZd4rYcvsswCfyX0NUzIvC7jGa:e/Z9KXU2po6msn0vu0980a
                                                                                                                                                                                                MD5:B4D65C49FE7DCCC48B51C41C4AF96E78
                                                                                                                                                                                                SHA1:50AEE6DB37174FF2E89231CFE66733E492736942
                                                                                                                                                                                                SHA-256:39313E1AD276BB365019994CB5846C4B2620700F21561B0A267491F5D658221A
                                                                                                                                                                                                SHA-512:7DA24FD6CF14652FA95543E890DBF04848BD2BD0C3D96CAE92E19C11714AC1AC2BAF66FE98EF03A4E22D31EDDD2515D82EFCCE00581FDD88D5E954BD1FEED421
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36624
                                                                                                                                                                                                Entropy (8bit):6.401916980747962
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:ZHM2csOrbi572b0IWIvCiW5YivK1n2Erc:ZHMwmM72b0IWIvCis7S1nRc
                                                                                                                                                                                                MD5:14806376B313FDFBD79CA38E9709EB79
                                                                                                                                                                                                SHA1:DBDB13FEA73D6DD1DE6CEBEC244D8A2A9F733905
                                                                                                                                                                                                SHA-256:55B590ADE3B5A4B9876B1D200D769A841D93F5CA4EA92027E990E54503D6C6D8
                                                                                                                                                                                                SHA-512:D9CA98AE657E995E9D55AFAE260024DBC4A6C88044AD1721B95B9D5E2102951C560626D630A83230EA782F3DB6EAAB34C72F326E3086EB32D1781570F01B758B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.72768422100662
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0zOGWZhWKWEXCVWQ4KWZRe+fKUSIX01k9z3Ar9wPAKx:0zBWZhWdov2IR9zCsRx
                                                                                                                                                                                                MD5:8CFF68EA251A9441F28D954E41A31447
                                                                                                                                                                                                SHA1:E2C268D5BD6B3382331FC0D3DB6A66E479A09455
                                                                                                                                                                                                SHA-256:869EC6BC79D1DA594B0DB2CFA510472CA781FFD826ACBE7716198415EA3A3605
                                                                                                                                                                                                SHA-512:FE46B9ADF2A5157C5FF9AB03D0B141710D53A7B4115D7AB4E49DF5A7D95CEAE23B6E2665ED4DC1BD131FC08AA6FA9F2E7A9FDC9D4536027AAB7720FC07BAB9DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.59135366854433
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oWZhWpWEXCVWQ4KWgfYZyttuX01k9z3AwQoz/mdoVN:oWZhWGVpSR9zVQEUKN
                                                                                                                                                                                                MD5:B08B421DFDA7424FC098EA366A9D4480
                                                                                                                                                                                                SHA1:195E9DB3A1C40AB630C90E5500DC88BE1FEF45CB
                                                                                                                                                                                                SHA-256:60675DFC2CB2AF87456032D28D454BAA4821D6B1921CB03F12A2891DEF445FD6
                                                                                                                                                                                                SHA-512:16735487568634E447D5820F7B164EFD831F427495326CA4591CBAF1D3B313FBDC329F6BD49DF53E493280025E620C8EFF9E0CC8AE660D289B7DFCB3870DF237
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.570103018649146
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:2kWZhWTVWJWadJCsVWQ4iWJfJBm+0U8X01k9z3Ar/w:pWZhW4CsUfJBmo8R9zY4
                                                                                                                                                                                                MD5:37FBEB9A9685E1443CAA1ED86C5CA1FD
                                                                                                                                                                                                SHA1:BA6A7D13F9BA75D13E5BC1C45CF5770B8605014A
                                                                                                                                                                                                SHA-256:3182765B6CAE55CF4C67B9CB5B6F0B037F323585950FF9B6301B59E5E5ACF780
                                                                                                                                                                                                SHA-512:DF96B90A965B9F1ED53C32EF4268AC0D0D67B4B46F3B78C628199A6F4A609168369FBD8596F9028F4FF3DFD74357E8849C86F99D3AE41227202F3DCAA590AD2F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.633027353556641
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1PmxD3jPWZhW21WEXCVWQ4OWSwKUWX01k9z3AzMI0EfB5:1PAPWZhW2Ce2R9zQtZ5
                                                                                                                                                                                                MD5:B71E4C59382DDA11BB0559DA21F3147E
                                                                                                                                                                                                SHA1:300BF3E4EF45A1F2A9324D166D9830F90ECDADA5
                                                                                                                                                                                                SHA-256:3746169E2226C52C7B930BBFFC8F3E263283D559D3237C4E193CBB07ABACED1C
                                                                                                                                                                                                SHA-512:31089F0C22F629D5DA3EA21A994DABE21FBAB15F00A0DAB1F886926B3C1AE70B7F156E77C2CC679FC18CFBFAAE8E45F25DFCE2AB23F44FC14BFE606F9E32A1F3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.578724481313496
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:fyWZhWUWEXCVWQ4KW+8KDUX01k9z3AmaSH/V:KWZhW/j8pR9zX7d
                                                                                                                                                                                                MD5:02DE5F9D1607680904E79E26AAE1C18A
                                                                                                                                                                                                SHA1:440E231481B6E11C40E75A6FBE7C038B4A286E99
                                                                                                                                                                                                SHA-256:7AD9720C4999B88C8B8DB1DCB1EE765F374900B489B2F09BB40E4951B68B0AAB
                                                                                                                                                                                                SHA-512:D8C73E0087AF8EDB9E7C61167CADA3E8859B4FEB18EF6440F00E39FDC7C0E561F8294CBBA4A5FF1DA8AFDD566B209C138D2EA8EBE058EDC12C3908094CD498A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.52254428849094
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:eJWZhWlWJWadJCsVWQ4iWe0yBm+0U8X01k9z3ArW+gd:YWZhWECsnBmo8R9zYW+gd
                                                                                                                                                                                                MD5:A9EB4528CFB8B68A8019CF042A432BE0
                                                                                                                                                                                                SHA1:A09167D41663E5FE9A2AEF9A961EBB74B5C36A7E
                                                                                                                                                                                                SHA-256:6599741FFE12D3E90EF2B456B64CEE90425FF995BC0D1C3CD9C754DDBA6697AE
                                                                                                                                                                                                SHA-512:C70396BBE2CBB56EC4515BC6AB10256E9128C06A1259AC1AAF581B8D5774CAB2556CA918279BB3F253CC7C6C3F257FC88C9F7DE7E372AAA43B3F16F2F34A14D6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26056
                                                                                                                                                                                                Entropy (8bit):4.851813630580239
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NwhDPvVr8rFTsKWZhWsWWJWadJCsVWQ4iWDoOowcLK+X01k9z3A+Tlz:eJPvVrQWZhWszCssX6R9zZ1
                                                                                                                                                                                                MD5:3ECC0F32E985020A246356F6B54FBA45
                                                                                                                                                                                                SHA1:98ED4067C5B4CEFD00368598ECDBB50CBF17116A
                                                                                                                                                                                                SHA-256:3A7BDD492A945A962EB18F486AE7BCDDC2BBD5B43A12EB461057A6CDC5657F5F
                                                                                                                                                                                                SHA-512:4DEA6BF1928BDC32DD384F192B51C133EE7AEEF51F742109E30BC173E73F398228CC5DB22C014B3612747B2A8B3C4361F099EC76D12B9105A54A47761A26475C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.605180075525399
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:WrxmWZhWmWJWadJCsVWQ4KWBTxwVIX01k9z3A2rj/p9kL:WlmWZhWjCscZR9zL/xWL
                                                                                                                                                                                                MD5:C0CA315DF1BE9C3027D71663DBEFE3E1
                                                                                                                                                                                                SHA1:55F68CB7C4F7F9795EDD83F7D10B80795A645EC0
                                                                                                                                                                                                SHA-256:1B384401B534CA9A61DCE7F51C8D54B9EABB625F86569BF09E449BE5724C6CA0
                                                                                                                                                                                                SHA-512:C27C225BFE720AF18DC116163A3B84A47C9AFE5B03044C8BA3D913352C7DE08F87C8F776CED8EA9836EEDED0E27B836A079A24622D2E4861B988DC3A3F07942B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.690467753123558
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:9GE1WZhWvlWEXCVWQ4OWSwKUWX01k9z3AzMAA:9bWZhWvSS2R9zQK
                                                                                                                                                                                                MD5:1AF89D885B7AE99C8606ADE0526B47B3
                                                                                                                                                                                                SHA1:DB2500D74A091A3ECC85F0782CC6762E5B4AA4CF
                                                                                                                                                                                                SHA-256:1D2F1EFEFD0A802190F0257AAC7E1589D08FFBAEA550C561C69C1827E57B55E7
                                                                                                                                                                                                SHA-512:9B770986EF15FD3F0A2023765A56CA6B3D89A5D6F34163B52C109FFBC277F514517E0706A77EFBE491AD4B47E6BB80579C5C7140E3F1D741978A82AB7723D633
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.6096185022949525
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IJWZhWMWJWadJCsVWQ4KWHhlyLY00pyEuX01k9z3A2pCaPI/94k79:IJWZhW5CsQhiEpcR9zjpCh9
                                                                                                                                                                                                MD5:808581AECCDCB12940C94DF027232612
                                                                                                                                                                                                SHA1:4FF2060540810C440D7C7B287F4974870F876AAE
                                                                                                                                                                                                SHA-256:819976A22A6648536BA0C184D80D093D867D513849BAA8F7011FADE104A7F8C0
                                                                                                                                                                                                SHA-512:51DB0B97AE28D09F669E0D46D99B6ADB1950ABF5218440F5AE5BFDB88838D45AE5D70AD374CCC6ABCFB8F65000616F64ACD764713DE51C796A4E3F36D033B139
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.7175997238438265
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EIxlyWZhWVWJWadJCsVWQ4KWYwhvxwVIX01k9z3A2rKP5o8u:EIxlyWZhWUCs47R9zLePiZ
                                                                                                                                                                                                MD5:296A0D77B6E4156EFCB22083C72C3BB5
                                                                                                                                                                                                SHA1:324805AD2FCAD014DC7ACC2ABB52779876A1FB86
                                                                                                                                                                                                SHA-256:83CA55315263D7A42D16CF032E67B79359052321C43C5DF97D687C2F4D84A79C
                                                                                                                                                                                                SHA-512:7F87D43D2CB9E5384DB2A0965596C89CC889B2EA8AE8C4DFA3743933831AAFCAAA598BB2E30C3A00787F6B8E5E40EC6EF39D75636E53C5805251E8A1AB9C540F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.644914316887933
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:7HWZhWIWJWadJCsVWQ4KWziBYY00pyEuX01k9z3A2pCaaImY2:bWZhWVCs0iSEpcR9zjpCV
                                                                                                                                                                                                MD5:2686AE9F0262107ED35CCBF806202E9F
                                                                                                                                                                                                SHA1:548FCA1DB343DB6720F97D0CFF92EC3186A4A87D
                                                                                                                                                                                                SHA-256:7E32A4463C99E54DD1366658B4284020E1A3384C4C366761116309DAE49EE831
                                                                                                                                                                                                SHA-512:05EB17CA895BA06C82308B55D0863EA7DC54132FE92F2BE57425AA9CC802696F14A385DA65280D5E2E2BE9F5E1EEE14D1D0EC3F77B706340C9852E47E2E7989E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.778166805701551
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:v7BYluWZhWJWJWadJCsVWQ4iWxkbTseUfX01k9z3Au+cyye:v7B/WZhWoCs2k/6fR9zB0
                                                                                                                                                                                                MD5:44817E9CCAB999E546DF2AACD7AF48FD
                                                                                                                                                                                                SHA1:36216E38E32F49BC8108BA1EF8BE42DA57C9C49F
                                                                                                                                                                                                SHA-256:82BB3C053E3C8F4ED9127D3A4D0D5BEA73D13B98A023073EA0F039CA96405C09
                                                                                                                                                                                                SHA-512:D951C3A72CD298BB4891BFCEADE2EBACA3E4C6B22D16210DBFCA41AAEE233C69BBF3D7E1C4D8D00819BF3944BB808D6A8E8DAA784F48382B2698134162AC21EF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.840945255805497
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YTvuBL3BBLMWZhWNWJWadJCsVWQ4iWBjKIjwX01k9z3AQqYuAQX:YTvuBL3BiWZhWMCsGmHR9z35VQX
                                                                                                                                                                                                MD5:41EC2CBE4B5445D9BA1221B4BF85D604
                                                                                                                                                                                                SHA1:8C956010C6FA4BA01647A51048AE819F25753A4F
                                                                                                                                                                                                SHA-256:C29C1592AF0578C58F2F37E77A044573E8C9FDA4DABA184C3AC5032B061693A5
                                                                                                                                                                                                SHA-512:105C880CAAAA68966947A61DBB53A5E2D93275E111B7890FEB51CE44BC80A5C007A1E03637D1D1C2799C93DE22EE2AE31CE123745059D9E3F39A6075ABD899A2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):5.348329791322018
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:enaOMw3zdp3bwjGzue9/0jCRrndb5WZhWthjpR9zX7aLTA:jOMwBprwjGzue9/0jCRrndbkEjD9zuTA
                                                                                                                                                                                                MD5:E9DCF789B4BCCFD612137D47194AB7C6
                                                                                                                                                                                                SHA1:54FD5EAED44762187460CF59559C5CF3394D1277
                                                                                                                                                                                                SHA-256:2FB638BE18863EF6077FEF2B7F4EBDA92527B8E19D2E5B39EBA27B3BF96A7FED
                                                                                                                                                                                                SHA-512:2C2740468567EC8F95F365205C9EE7CA17A32AD59EA699193FC10A64354987E43CA4285F5200BDF07658D5C82AA0D2CB074939F4AB8DF397AE2AB842156DBEA8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.7492072611699205
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:g6WZhWpWEXCVWQ4KWa4Y00pyEuX01k9z3A2pCaUIBXrqVFx:g6WZhWG0EpcR9zjpCFVr
                                                                                                                                                                                                MD5:DE6D7B401031076FA200993C1B486B2C
                                                                                                                                                                                                SHA1:80F6F198A0D82A7F57A431A58F8E86A688C066F9
                                                                                                                                                                                                SHA-256:7AACD77D48B5A7595C59EF95C09D65BD9EE6644206B0878A8108398563B09515
                                                                                                                                                                                                SHA-512:B18C230D8BCF03F582411E5A2203B952573FA19B84521096F3354188470A0AA63D671E8BE3A9330B2EC4117F0BF06BE9446B06E2A1BC9B3FA10EBDFE86ACA2E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.690922193191627
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oWZhWN7WEXCVWQ4KW+FvXGxwVIX01k9z3A2rpk1qo:oWZhWihFQR9zL1k1qo
                                                                                                                                                                                                MD5:4D9446EBB672E87EDC054FC659EA3284
                                                                                                                                                                                                SHA1:4DB261879D4B9936512B96002BCC9E1D8D2D1E67
                                                                                                                                                                                                SHA-256:C184419F20F5EA131239E627DCAD237DA804A5FD21B446846F5C0D60B06A7B49
                                                                                                                                                                                                SHA-512:CB8F3725599F0B170AE1CC14A2C1B0886A465C02C9348294DBD37F02BE08A0A6E82165A078F9C8BC4356754054B2B67E9F3EED7D913EAA11C1F7710ED9D01F02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.876929572962445
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:9gFWGWZhWdWEXCVWQ4KWwkcADB6ZX01k9z3AT2zhPe5:iFjWZhWK7kcTR9zW2Vc
                                                                                                                                                                                                MD5:39CCABBF32987252C3AA0BAB85243804
                                                                                                                                                                                                SHA1:08F8D8E756FC1445084C7A5A670DA1E7E21ED946
                                                                                                                                                                                                SHA-256:9AB3DE163DD167A9423946C308A6F225E22172E8547CCF154E0269D258588DF7
                                                                                                                                                                                                SHA-512:1BF02B7C33883B289AEB608D3B329EDC21690D389CF3299394A63F442AF29AA863623758C7FC024B5001CD236B48A321F27FB9A228488C5D5AE8A214EC34B7CC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):5.22112142634333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iMck1JzX9cKSIVWZhWrWEXCVWQ4KWVp2hKDUX01k9z3AmaSyw:3ck1JzNcKSIVWZhWgPpR9zX7yw
                                                                                                                                                                                                MD5:A9F72B6A96216BB85861594CE41AAF79
                                                                                                                                                                                                SHA1:9C7EF2AD41D7F86EFA6B6EEFEB39BC0CF3E767CB
                                                                                                                                                                                                SHA-256:F5B2CD5C8FBE89AC55A09B6939CFACDD0861FF47E1FC3DF300412603FA96E00B
                                                                                                                                                                                                SHA-512:368952ACF26A52E02641E783939231AE4CD2F3164A0934F28C4C125275FBAC274525C86C0512B65D4C85202D73DDFD8A877FEAEB6012EDC313D9D09471509105
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.784332139979507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:7XDfIeeWZhWfWJWadJCsVWQ4mWSuAY00pyEuX01k9z3A2pCa0XIMO1kq:7XDfIeeWZhW2CsVuAEpcR9zjpCpBO1kq
                                                                                                                                                                                                MD5:7A72E6619C6DD2AC57C461DE31C1CC42
                                                                                                                                                                                                SHA1:242E392B352117AAA3E018EED2C41786A91BFD93
                                                                                                                                                                                                SHA-256:5A3D41A750D1D6714232448193E57AB7D8FD718BA9CEC24C7AFC71F69886DAE3
                                                                                                                                                                                                SHA-512:2687FAF7E8FABFD786E7B0BEFC8A2D2009948D20E630E2FA2897090941823AA24399175074FF4BB12EF10958226666873E8D789BDB347CBE18CB83601FE3B209
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.55191105004888
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:9WZhWmWEXCVWQ4iWjUCjVi6KrIX01k9z3A5kh/2itwWh:9WZhW5T49R9z+i2q
                                                                                                                                                                                                MD5:D5E8F48E4FA83BE960F9CD69549A6929
                                                                                                                                                                                                SHA1:4109003548C6056CF56236A13DD721F8AD19B9AA
                                                                                                                                                                                                SHA-256:23A1324112574AD2F7D903A881592354E8FE915BA3086E830B9DC49CFBF7154C
                                                                                                                                                                                                SHA-512:3D9D99B3DA41245F0C78397008CAAFAFB31EEC7911729AF0318615F05C72E1E8E10BF8C33D7068E0FE22A3FB2DA92FBB1EF72568831F29BB80E00A44133A76B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.716051802014252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:aoGeVfWZhWglWEXCVWQ4iWAbTseUfX01k9z3Aufu8mM:aoGeVfWZhWr3/6fR9zBHv
                                                                                                                                                                                                MD5:9CE463521492C4473F4740B16C9D6C4B
                                                                                                                                                                                                SHA1:04B80FF86EDE3AE15730C212EA435EDE5984F65B
                                                                                                                                                                                                SHA-256:17423B1DFC0D5C9246A1B4C50BCE5AF931B186AD66268761B2611E611D9ADBB3
                                                                                                                                                                                                SHA-512:E3035B687F15CB5C50F4421324F043462EBA9B9E9374F046EB978C05A927E900E8C4484BC685CC6DE4668D69A4F3894633FBCB111DBC0C6FF75126F71C83F1E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.648129343972652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1O9qVQzyMvrSWZhW/WJWadJCsVWQ4KWI+tLSxwVIX01k9z3A2rddNw:xwyMvWWZhWWCsyhMR9zLJM
                                                                                                                                                                                                MD5:11691C2A28B3BD413BA3F654930E42E8
                                                                                                                                                                                                SHA1:177BB41EBC747B0D6FD4AB5BD1C2B72D02D6E4F6
                                                                                                                                                                                                SHA-256:AC5A66B65EAD96DFBC63AFD947601BD276C1C5EDE2A7ACC0D580B02EF104892A
                                                                                                                                                                                                SHA-512:D9F84C72113C29FB45010589D6174AFC3CAF3B5B31CD9BB52DFFFC6AF9471DDB917F0C6C64CBC4896038B4623199A3497A133F4E13CC9433581095B0F28AE99E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):5.111269455813205
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0Xwidv3V0dfpkXc0vVaU8WZhWkwR9z2rn:0Hdv3VqpkXc0vVam69zYn
                                                                                                                                                                                                MD5:5C2289BDBFF66DE3001EF70479971B9A
                                                                                                                                                                                                SHA1:F8259FC23FDC48A4CCD80A6C49948F803D353253
                                                                                                                                                                                                SHA-256:2D577CDAE281CD49141A87340D21EE3B372A297EF9CE35E82CF449DD352F380D
                                                                                                                                                                                                SHA-512:AE6FE4535BF9136048E2C5A25C9804E467E4FDA6DE343819442246B22A352B3A97CF976D9B24BBF8BB3734F21252F94E0A32EE928D4A9A92E4EE0B3FD7FE5F6D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.8230001066967
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:itZ3rWZhWQWJWadJCsVWQ4KWCX4gY00pyEuX01k9z3A2pCaWIG9FJ0ib/:itZ3rWZhW9CshlEpcR9zjpC9DX
                                                                                                                                                                                                MD5:827F43E26BB312794DF5CEB9C6BF6B67
                                                                                                                                                                                                SHA1:CAC9F8C4A9031EF3CEC62021C8236F7EDA0A8FB8
                                                                                                                                                                                                SHA-256:220A7CEE500B92A005B58D45006B1B98545FCD2040DDA5D3D750FE2E6DE5C62B
                                                                                                                                                                                                SHA-512:CB9E43C25F0E09B23CD0B7A61272A40887602E14265F18DC06F23303957A53E9D36DAE9F9ED907F61E231F8CF5A58CA4FCCDF5ACB48164E2EFB2A936379AD406
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.848153263852169
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ngdKIMFCbmaovWZhW7WJWadJCsVWQ4iWns98I8HNsAX01k9z3AqjEgsjS+W:cj78WZhWyCsUs98tHNsAR9zygse+W
                                                                                                                                                                                                MD5:2633778E405590F763FA7E002ABA3369
                                                                                                                                                                                                SHA1:1D1F9F620504E4EA803B4231E47E0D51F8AE060C
                                                                                                                                                                                                SHA-256:371442D516A47A8949945F85C6BB0FE3C3B88731DE07A4FF457C2B041C928CFD
                                                                                                                                                                                                SHA-512:A42E3EFE5DFF582FDFA275574E4E8876AE056365190B5C0D2982B938E35AAA37521734F4142954E45ED9CF38CF5114F796EA8A0538BC0637C3EDD54886884F7C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21960
                                                                                                                                                                                                Entropy (8bit):4.661238654415311
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:aULWZhWVWJWadJCsVWQ4iWGowcLK+X01k9z3A+K4i7m1:aULWZhWUCs76R9zZ3i7Q
                                                                                                                                                                                                MD5:6FDD07A52F1197307A96FE6644EA132B
                                                                                                                                                                                                SHA1:965D65AC8816CF866C981579139A8767A901624B
                                                                                                                                                                                                SHA-256:DA65CF54767305C74EAF35E39AC8B7FF472C2DF5E22A84E4FC465E2448D2FEA3
                                                                                                                                                                                                SHA-512:57D29C796CE098834DAD1B140BF811F499F10EDD3A903FEFC88757B20E3FE639F71B8BB112DE2BAAC302810A6B4878EAC4F23A2869DDF0E5917F28673C515BEF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.7884236782010525
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhmnWZhWYWEXCVWQ4iW6lhHvKIjwX01k9z3AQqAzrqp3:rAWZhWzzHyHR9z3pfQ3
                                                                                                                                                                                                MD5:D0A90686AEBDCD4CB6E6AFA53C314DA4
                                                                                                                                                                                                SHA1:6151B1AD3EE45E5A4D06F95077B72E264B5EBA86
                                                                                                                                                                                                SHA-256:9DAE313DE05C31AB6583545323E422DD1BDAEC4AA26E81CBEA0D5B69B632FD0C
                                                                                                                                                                                                SHA-512:8E78BE56C0D73E991C378DE357567587D1C96F74BEEA34B4CEEB39DE617F6824EF85EE3F77AF1AE8D0A5EF4A205CBBB83DBF8D6FD218C199116C14CD67F5CDFF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.600219489842832
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4WZhWlWEXCVWQ4KWfScADB6ZX01k9z3AT27YOz:4WZhWSsScTR9zW280
                                                                                                                                                                                                MD5:B03D20C701266EF2049734BAAD3A4114
                                                                                                                                                                                                SHA1:C5832C8D60D50CCC1277B3229772B5E85EF00134
                                                                                                                                                                                                SHA-256:D627DF017DDCF7472C761F9796CB55FC7A2347F05CC897BF6C7C29AEE8E4DD0C
                                                                                                                                                                                                SHA-512:2D0C602B726B4B79D73192A1751AED0320D7DEC15813436B20CDF12BD2E3899AB8942437174FABC91984B76502EC8F8C591992F947349AC07812A70380EEEAB3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.9044873796891775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3hoWZhWEWWJWadJCsVWQ4KWiJYFUY00pyEuX01k9z3A2pCaDIETt9a:6WZhWEzCs1FEpcR9zjpCapI
                                                                                                                                                                                                MD5:B21592BED8F2B7439D7DF4F5EFE05368
                                                                                                                                                                                                SHA1:7D690C7B022389228660544F8CE27796E58E338F
                                                                                                                                                                                                SHA-256:4324863A74391B29229E5376020DE3E1A04F436ABBD4604E305307FDE4601FA7
                                                                                                                                                                                                SHA-512:5179902D9607AD8B04D14117883AA58AE0C543329FDB24ADA4BB4FEFF0378F4A8731F579923770D29B33A91E86E0984A44D55DEA1D6596C54FEA026764BA8103
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26040
                                                                                                                                                                                                Entropy (8bit):4.847924649078084
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:vk9cydWZhW9WEXCVWQ4iWxxu3O6YX01k9z3AFlqVhE:vtydWZhWqER9z2lchE
                                                                                                                                                                                                MD5:877B95AC4EC3B5E7471853A88BFB41BD
                                                                                                                                                                                                SHA1:2400CFFE6527CD28EACF29DD25AA32ED7C13100B
                                                                                                                                                                                                SHA-256:6F997E4A9837F42295FA25F45CB564F5EFA93C99768E2A2E2643008ECFFE97B0
                                                                                                                                                                                                SHA-512:DF06680BEFA318CF644DB92CA06961CF2388AEFB792D4BBC0224A1119383190763DC3026E930C6AA7B24745016B8C74D4A3195D3C67AA5095D8C9E63BB9483D7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.70332821358458
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:BhWZhW1WEXCVWQ4iWDGUdBm+0U8X01k9z3ArF:BhWZhWCwGUdBmo8R9zYF
                                                                                                                                                                                                MD5:26CE8E7CB1A510E9C52968E4190F169C
                                                                                                                                                                                                SHA1:B324FF5B7E52AEAD284CC0F0F9745A35020735E8
                                                                                                                                                                                                SHA-256:3C0893659C504D16984D6B87C61C98FA050D60473FF77E294F69FDB7FAE155BB
                                                                                                                                                                                                SHA-512:AB2260D1BFE888D481F8B92C5DFBDDC88BAE3E2A9074D933A1E4AB35EB8571237089C1DD74928F6F18FB05049836D85BA082EB0B8E00CC4856CEDDAAFA32C2E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):5.169524550171022
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KEpnWlC0i5ClWZhWPWEXCVWQ4iWvjI8HNsAX01k9z3AqjEgiBKz+iN:bnWm5ClWZhWEMtHNsAR9zygi03N
                                                                                                                                                                                                MD5:D4333F2E4DC12F3B91C1ACD6450BFFF8
                                                                                                                                                                                                SHA1:9A6642FE5BFC563417532E67772C1D79AFD0D48C
                                                                                                                                                                                                SHA-256:924099811552D0E9623D220FD9F9348A14D44EF08694A15D442010193574B1FE
                                                                                                                                                                                                SHA-512:BC2749201BD731F8140C913DCC84A2709FEB0ADD8FC34CADBE14458ADD4DEBBB1B0DE3F219C6CC87F54318DEE0336C1F2703AD002D56CA95C9E38BCD2A54D403
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22056
                                                                                                                                                                                                Entropy (8bit):4.847477106745058
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:kvh8Y17aFBRIWZhWuWEXCVWQ4KWmAKx6RMySX01k9z3AvySCau:SLdWZhWhtA5MR9zKy1
                                                                                                                                                                                                MD5:03D31094ED0A20E068B5E0DFB47F81E2
                                                                                                                                                                                                SHA1:441B1202CF21BA43D3E204C06DA7E5685FD02692
                                                                                                                                                                                                SHA-256:2CFC2C7C376630B595E3582CCD2DDA019F82AE5DC1665D34D3621E2C62E1A868
                                                                                                                                                                                                SHA-512:9583C5198D68247F1110774AED55C7D152BBCCBBF6550C52948F45D34B10F1898683461B3F46378A1311F189690B7449ABC67FE03D5F2BE53CA61A6E8A80C64D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22072
                                                                                                                                                                                                Entropy (8bit):4.8124615571702085
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xDWZhWuQWJWadJCsVWQ4OWv2hHssDX01k9z3AHQHQQVLy:BWZhWmCsg2FDR9zcQD+
                                                                                                                                                                                                MD5:E3844611256F355986AA3C1101460430
                                                                                                                                                                                                SHA1:EB91CF80F5C0FA31756006A65FF254F6F348B500
                                                                                                                                                                                                SHA-256:3C2BC1EBDCB4C6FEDEFC5B82419A1A4B5BA035C3F5453E9D083DCCDBFE2D9E95
                                                                                                                                                                                                SHA-512:8D3BF29F8667F43C195DBBED1B0BA614E55953DC20D9ADCE2DB310959905F6B8053A839113488E252FF0EFB657E33EC26FF153AD6B8A94372FCE0CC094ABFD8C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30248
                                                                                                                                                                                                Entropy (8bit):5.126273915341742
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:J7yaFM4Oe59Ckb1hgmLhWZhWNCkXC4deR9zZj7eWbS:NFMq59Bb1jM1kXC4dC9zZjiH
                                                                                                                                                                                                MD5:94CCC179B4F36348670C332F11C8CD9E
                                                                                                                                                                                                SHA1:072B415EFEE69E304D2BA3BC032BEB5C9821475D
                                                                                                                                                                                                SHA-256:930FBBCFD3FBD97BFC2C0174F059FF48F33FA54274E409ED6D629A7230E45AA0
                                                                                                                                                                                                SHA-512:A5F04C57D72CF3187CE8EE88F8FD065DC29EB7B6CA1FF851CA6FBF4F49CB806A0939A87183F814E15C10B3EA6D1DBE9D5284065C13CA42A98344504DFBBB8B7E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.843041154751532
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IeXrqjd79WZhWHWEXCVWQ4iWs1llI8HNsAX01k9z3AqjEgFZk:I4rEWZhWcRTltHNsAR9zygFy
                                                                                                                                                                                                MD5:F4081BA9295A87841A83C0F156670107
                                                                                                                                                                                                SHA1:03A65E6F7CD20B35DCA54106840568715912B07F
                                                                                                                                                                                                SHA-256:4EFDCA4AC7819401A586E2ABEBC3B858BA8BA0B13AD296C6AFACD583500F2575
                                                                                                                                                                                                SHA-512:59DB95D68FCBE0CDCBF0ACAAA7C966B36A4E3EEECA6F9912307004DF8C36147257144792A6DA7047D3157B508CDE242E1486E8DBFEB3CB39F7108132A93577E1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26168
                                                                                                                                                                                                Entropy (8bit):5.010971251299518
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6mGqX8mPrpJhhf4AN5/KixWZhWgWJWadJCsVWQ4KW8Y00pyEuX01k9z3A2pCaxms:6ysyr7PWZhWtCsVEpcR9zjpCwhB
                                                                                                                                                                                                MD5:ADF01F8C45CB9774FB10671E3CA83AEA
                                                                                                                                                                                                SHA1:4463C3472AF7E6AA8AFC695D4A791E83EDC0D4D6
                                                                                                                                                                                                SHA-256:5E9837ABF4517EB8F74EDCF7EA08A3D32916E253D9C24663869DDA40CF7B0280
                                                                                                                                                                                                SHA-512:E1BCBC47D7207F082D9225EB556B997EDB8D1F3427A52BBCA6D9D539356A6322C6BA661AF5B2B1C6093621476EB719D40CF3133D82DB745564EA32CA5C0EBE6B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26168
                                                                                                                                                                                                Entropy (8bit):5.281477142043078
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cZy+OV2OlkuWYFxEpah7WZhWNWJWadJCsVWQ4KW2T/Y00pyEuX01k9z3A2pCa4Cg:t+OV2oFVh7WZhWMCsvTEpcR9zjpClT
                                                                                                                                                                                                MD5:4825927D7777BDDC15C56841404D4F6D
                                                                                                                                                                                                SHA1:85F6A26678F063067EA0A0903FD6A249C3B40AAF
                                                                                                                                                                                                SHA-256:F2A7E41EDEDD62B2C192FE6381C8CC33F9BD223164FFC8B38623C9220C009CCB
                                                                                                                                                                                                SHA-512:30B86BE6622BDE2C32E145568234B2FC82D06F8B78D6C42D0672DD0379A99266A92E915B72FEDDEE1F65E6332F23F06F612EA0BA8425E87C5293740D8B3E815C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26168
                                                                                                                                                                                                Entropy (8bit):5.273190564139755
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:mCLx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWZhWXCsHXR9zL+D+X:mCV5yguNvZ5VQgx3SbwA71IkFhmh9zfX
                                                                                                                                                                                                MD5:D7851F057DE9299212DAB1DD9DEE5FA4
                                                                                                                                                                                                SHA1:CF2C4F15AF125865C3DBF292953F7643CCDEACD2
                                                                                                                                                                                                SHA-256:0B337649B564A760ABB57E21FB2A755CFF080A604034B71C3E8A3CC48C7DA71D
                                                                                                                                                                                                SHA-512:4552BB30E62EA13BEC03D65C77074668F632D4C608F08413AEB4C35419F8C82E7FD1ABB74B595926DF40DB1528783876F805214C6A91C1EF04EE8FBC5444B592
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):5.214158590562166
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NlhwDiWZhW3WEXCVWQ4iWLSKKIjwX01k9z3AQq2dlP:fWZhWsqSHR9z3Xdh
                                                                                                                                                                                                MD5:046784C10E507D7A93C50CB854871682
                                                                                                                                                                                                SHA1:8C69A84615236DCE63D6F20105FF5A6184D369FA
                                                                                                                                                                                                SHA-256:63A56AA00CA3BEC9225E516CCD336003FC4145C1C1439C7D4D9925D8BE24C0E7
                                                                                                                                                                                                SHA-512:C02AF21BD855596816E1242B4C255E82ED9D3080C874079E7B3F17C2D8752D88F19E54EF293BC93B95E763FEBE6A8B4DF799C60C4073C6BD09F28D50CA288658
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21944
                                                                                                                                                                                                Entropy (8bit):4.769419964359693
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:k/fHQdu3WZhWNWEXCVWQ4iWo4xu3O6YX01k9z3AFvMwr:k/f5WZhWaTSR9z2kQ
                                                                                                                                                                                                MD5:CD1730B15C3297D4C2F6D39C07F8BAD6
                                                                                                                                                                                                SHA1:E981737A258B9C9BCA640D8042EC8D58B36BCCC5
                                                                                                                                                                                                SHA-256:DC75E73FF3F294ADA7E9646B51B2ED137F5C26364CBBD71F36A8F5029A3111DB
                                                                                                                                                                                                SHA-512:726F6BC2346D2FA84FF39B7FBFBE51B885268F00DF881C666BBE7FBD7B384ED070ECB66045C228803AAAFAC131243E8E8DE649ED88A89B1094A7DAC5E55F5F9F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1332793
                                                                                                                                                                                                Entropy (8bit):5.5865879348515195
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:f8lJGUqc4rmn9OPNsxuy4htMHc1b4oDAs/SquRROzBMdmyP/H/V949/Rr2/Hg:f8lJGUU697ls30yMdmyPvP4t2/Hg
                                                                                                                                                                                                MD5:BED03063E08A571088685625544CE144
                                                                                                                                                                                                SHA1:56519A1B60314EC43F3AF0C5268ECC4647239BA3
                                                                                                                                                                                                SHA-256:0D960743DBF746817B61FF7DD1C8C99B4F8C915DE26946BE56118CD6BEDAEBDC
                                                                                                                                                                                                SHA-512:C136E16DB86F94B007DB42A9BF485A7C255DCC2843B40337E8F22A67028117F5BD5D48F7C1034D7446BB45EA16E530F1216D22740DDB7FAB5B39CC33D4C6D995
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):299427
                                                                                                                                                                                                Entropy (8bit):6.047872935262006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5
                                                                                                                                                                                                Entropy (8bit):2.321928094887362
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:8:8
                                                                                                                                                                                                MD5:19D07B1F2EB7BD8F0C8E967B228F57D2
                                                                                                                                                                                                SHA1:93E9A081A8643853030BF2C6CDB69E594AEA735A
                                                                                                                                                                                                SHA-256:D0EDEE15F91B406F3F99726E44EB990BE6E34FD0345B52B910C568E0EEF6A2A8
                                                                                                                                                                                                SHA-512:60F3025C54291C57FE42EBB025E6928CA0934181C6B39E9CA714029DC00974366EF1293FAFB06FE415B6AF90AEAB82D53B1DA8C4ACFA03E932DAED2A8293A36B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:conda
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5440
                                                                                                                                                                                                Entropy (8bit):5.075210953480356
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:DDPQIUQIhQIKQILbQIRIaMPktjaVxsxA29aLDmplH7dwnqTIvrUmA0JQTQCQx5KN:4cPuP1sr9aLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                MD5:99F8EA5D9343C200582FC1A5CFB47C4A
                                                                                                                                                                                                SHA1:C32F11B20CF3E709D8A0E6D00C0205EDB065E4FD
                                                                                                                                                                                                SHA-256:CB68B0E1FFAEFE4C974648ED17929D2500953E4895C23D84E34E382B27EE6724
                                                                                                                                                                                                SHA-512:C4555741D7A2B8113057FE054F2DF751289334A3B112A594FB6F9B8AB744DEE52AF755D3ECAC1737B597486DF134A18B6322E0F9097C0BF27EDD2537AA57FAE8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.1.Name: cryptography.Version: 43.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15680
                                                                                                                                                                                                Entropy (8bit):5.568769599229514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:aXodleLjz5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:aXoGLjhCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                MD5:D1BB7C63068AA36346EA6547CA9472DB
                                                                                                                                                                                                SHA1:D1B04ACF3369050BC9EF7C5A0E23FEE9446D89FB
                                                                                                                                                                                                SHA-256:AE3A5FA59AE675A79EAC35EE1F9B54421FAF7388D22DE24CC9AF0A4C2DC70B19
                                                                                                                                                                                                SHA-512:AD9416F293DEBD3180AE6E20EC3D8E1E3DE973EDA9F8E7B53047D85B1A1FF692975F827FE452D6589EBFFA6136887D362D5775FE1C6F83628DD746C691E4C6FB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:cryptography-43.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.0.dist-info/METADATA,sha256=y2iw4f-u_kyXRkjtF5KdJQCVPkiVwj2E4044KyfuZyQ,5440..cryptography-43.0.0.dist-info/RECORD,,..cryptography-43.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.0.dist-info/WHEEL,sha256=w03tqoRs5ZGD7G-Ws_2h-H-R2ZP0f14-ya2jyjD-Jso,94..cryptography-43.0.0.dist-info/direct_url.json,sha256=o6_g7b0-ryfYBR3OXHzapGiE_rfdssw2TQhe8LDdnGg,92..cryptography-43.0.0.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.0.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.0.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=AuJuBuUXFu8XM-ndNcp4DzJNCld3qQyfRJFH_AgNI-0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZ
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):94
                                                                                                                                                                                                Entropy (8bit):4.978746869023827
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeX5pGJ4RRRP+tkKc/SKQb:RtvoJqjWKxDQb
                                                                                                                                                                                                MD5:1838B02AF2AE7EE76709271FE3E24052
                                                                                                                                                                                                SHA1:B85FDC42204A284E01FDB1A2D33A62FA28C95D3B
                                                                                                                                                                                                SHA-256:C34DEDAA846CE59183EC6F96B3FDA1F87F91D993F47F5E3EC9ADA3CA30FE26CA
                                                                                                                                                                                                SHA-512:321C4648A3EA6010BA77C8F4F29EEE9A141ED58E53E4DFE0C15668920F00315174AADEE7F343589E8E4B12D164A0C6471E0E894FFA48FFFC73A8168EAC89CFF4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: maturin (1.3.1).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):92
                                                                                                                                                                                                Entropy (8bit):4.974156114274574
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:YBM7W/RzQXjHxi6Ku6SQcMXRdXlYuOZRVwBKAHY:Ym6RzKRihu6ShMBdCfZzwBKiY
                                                                                                                                                                                                MD5:9EC7238459E065F21009B8BE21406963
                                                                                                                                                                                                SHA1:00D4BDAA57032BEC79FC782CBB1D02A49C606DC2
                                                                                                                                                                                                SHA-256:A3AFE0EDBD3EAF27D8051DCE5C7CDAA46884FEB7DDB2CC364D085EF0B0DD9C68
                                                                                                                                                                                                SHA-512:2F06BD3184B8C9AC4D7DDD29234BB71E7BADA1656BFA23FC3404D823529D91696BA1D120ED470DE01B3D596942BE439F1FD5DB15F78A7F091484E3687088BA8B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{"dir_info": {}, "url": "file:///C:/b/abs_35g500qir4/croot/cryptography_1724940575116/work"}
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):197
                                                                                                                                                                                                Entropy (8bit):4.61968998873571
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11360
                                                                                                                                                                                                Entropy (8bit):4.426756947907149
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1532
                                                                                                                                                                                                Entropy (8bit):5.058591167088024
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3538712
                                                                                                                                                                                                Entropy (8bit):6.119361782464662
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:VCmIHYjV9Gsiqjq9RWftymaME6VGJbl/tTR057Edcq:pZrTSRktyo3AzF
                                                                                                                                                                                                MD5:E9276DDBB8B0D2B003D354000330DFCC
                                                                                                                                                                                                SHA1:292A516D1C36F1561902C99C35F8270D10986AC7
                                                                                                                                                                                                SHA-256:9D74A32859A838A61E757CE285B198AD15F981169F21F23CF9C51BD7DF20F003
                                                                                                                                                                                                SHA-512:AAB7CAC6BC77B7A97AE2C4758303FC8CC0B15358F77243E13AB4F8B58C3EE62507DD3ACCA2AFF1005E00C308F19F3734B86079B9BBBB07DF47855607358CB8D4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):40216
                                                                                                                                                                                                Entropy (8bit):6.631517131763696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Xzd2RFoq8qsAMD3kZeOiJKp7ghA5YivKejAMxkE:Z2JsVL/OiQJghS7SeDx
                                                                                                                                                                                                MD5:C19143D34230F69776FF22F1F2BF8483
                                                                                                                                                                                                SHA1:D0EA3CAE088F86B3590F01DBE9578344DC6A327F
                                                                                                                                                                                                SHA-256:EB22FC95044CE939910D41857445BD0ECC4FC4D810BA30CC6B5F7F55B48AC8ED
                                                                                                                                                                                                SHA-512:D8061FD797D88198E5E4542C3DC184F4933DE88890E6EA5594F33232166FA3C27525F71543398B407F76DB2EE550961419B234C14BDEAC1FBA4413D343D9711F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:ISO Media, MP4 v2 [ISO 14496-14]
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4455497
                                                                                                                                                                                                Entropy (8bit):7.730479736692243
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:E5myM5XU3KQi3utTj7feJJQgo9VQLl3ANIgQPaLXnrK586+il5js0:L5E3K5STj7GIVQx3ANIgZ8A0
                                                                                                                                                                                                MD5:287264F1CFD893E01271D91FB6CBC2AC
                                                                                                                                                                                                SHA1:45B15465C3CBC8387550AAFE26EEDD16D5331120
                                                                                                                                                                                                SHA-256:8E1BAC39AAF2230B646A04C5CA8F00D7C2B02701F9F56B05FCA29F68B9B78B5A
                                                                                                                                                                                                SHA-512:DC071F06DBFAEF07C37CDC1B043A5DBE77387D73D8339BF0DEFAF2E6C490CE19E749CC30EE679D07F6B66336767BDBBDB31875CBDE5CE562AAF027DC1AF09DF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 48 kHz, Stereo
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21549
                                                                                                                                                                                                Entropy (8bit):7.2687330324184725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lLk7FBEXz8CHzw1St8hZzmkKR9PTfwOG/SXi0euvQesv4CLV5:lk7fCU1St8XNKXMS6MFsv4
                                                                                                                                                                                                MD5:27DD4AEF6949A6032F5E10B0A4EA5A47
                                                                                                                                                                                                SHA1:6C2189DCBA19EFFE37D729204E64AB779D02836C
                                                                                                                                                                                                SHA-256:1F991BDE1CA9145651CC204DB12CB42F82F873F2B32A13FF50FC6D995979B2DD
                                                                                                                                                                                                SHA-512:98F7C8C4CD35F0ECD6A0967E46018C90C80D92EA6296207F95CCE4AA6EECA211568BFBE499C80575AB75FDC56B7C7407F9854EAB895C0D5D8CA0A9714DC00B00
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):102255
                                                                                                                                                                                                Entropy (8bit):5.068048052217124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:NUNtIg9aKM5kUAlEu+YAEQE80fXQ5BR+ERR0:NctIg9ayeuf+T045jO
                                                                                                                                                                                                MD5:9DFF9C67F84E69416396E6915337A43F
                                                                                                                                                                                                SHA1:232E0F3B21828162DB916F6839E52A59861B7D3C
                                                                                                                                                                                                SHA-256:C403CD55C7FA24FF4FDF5F64C97D44779A33B057FC0B2CAFEA4D251B6412362E
                                                                                                                                                                                                SHA-512:70077197968B5BE88DE076216706583044E4C18FC0E0F5F957DB78FAE5196DAC267D76765949C2183A08660C1EBD2B6EDBF48C107055B57CC0ADFEEBF49EFB48
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.###..### vlc 3.0.21..###....###..### lines beginning with a '#' character are comments..###....[visual] # Visualizer filter....# Effects list (string)..#effect-list=spectrum....# Video width (integer)..#effect-width=800....# Video height (integer)..#effect-height=500....# FFT window (string)..#effect-fft-window=flat....# Kaiser window parameter (float)..#effect-kaiser-param=3.000000....# Show 80 bands instead of 20 (boolean)..#visual-80-bands=1....# Draw peaks in the analyzer (boolean)..#visual-peaks=1....# Enable original graphic spectrum (boolean)..#spect-show-original=0....# Draw the base of the bands (boolean)..#spect-show-base=1....# Base pixel radius (integer)..#spect-radius=42....# Spectral sections (integer)..#spect-sections=3....# V-plane color (integer)..#spect-color=80....# Draw bands in the spectrometer (boolean)..#spect-show-bands=1....# Show 80 bands instead of 20 (boolean)..#spect-80-bands=1....# Number of blank pixels between bands. (integer)..#spect-separ=1....# Am
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5292304
                                                                                                                                                                                                Entropy (8bit):5.960946421441652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:wj+5mUjHGX44ZIUWP51CPwDvt3uFlDCti:SimUjm44ZIUWx1CPwDvt3uFlDCti
                                                                                                                                                                                                MD5:E84BBE024702C1498D3579C1D76FC293
                                                                                                                                                                                                SHA1:F40D8B7AA7D8F8A2F377E03A5AFE1D8A743BB3FB
                                                                                                                                                                                                SHA-256:630B0735E0A3EC5824084698A78D2043326BC133A5D579AA0F41CF0B5A92DDB6
                                                                                                                                                                                                SHA-512:78235A8A209127BA21903D19A9B3C280FDDE0479EA73D745E63A54F6C76CCF2D1BAD92649E994E92AF302336BA87B801418E439CE31A9145D704D1C0B57AC87F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):413976
                                                                                                                                                                                                Entropy (8bit):6.06270155842444
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:IQ4+yDcF6jJrNceeeeeeeeeeeeb94jrydJ2WDRVVKoQj3aTY:XdyYyJr894jrydJ2eRVVI34
                                                                                                                                                                                                MD5:4C4A8A0239B471ED6AF921BF491343D5
                                                                                                                                                                                                SHA1:79D2566321CB49CC134651A5BFF02BE0990A271E
                                                                                                                                                                                                SHA-256:E82BC0776358BE497E47EEDD079F42DBF3C1FB4AFABCB51DD2AB05624580F7B1
                                                                                                                                                                                                SHA-512:D85F64E0885D3894DA61B966972F433EE1554D2B01E4E77E07594CBC2603A3023E1C639E88413EAE5F1E7C4E3CC065586AA58D25F5717A576638DC6937B9E411
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):198416
                                                                                                                                                                                                Entropy (8bit):6.722168500088711
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:E3iJXf5IhoWpWqickirtPle59bgeEMSZ19mNo2ITww/MEFfbG2:E3ZhTpWqiirS5eeEtYOdwwkWa2
                                                                                                                                                                                                MD5:8E4F1CAD3249E40555A940DEF227F9BF
                                                                                                                                                                                                SHA1:3B41512E4770CE7BFB8E097F103ADE5DF63F7230
                                                                                                                                                                                                SHA-256:B8CF9FE6D3EAAFF6FCEBCE37947660297762F2F4DDE503F7F56CE6475C439ABD
                                                                                                                                                                                                SHA-512:7DBC6E0DA51118D3C52B7ABBB33F3E00D73D0C8D43DBCE22BCF1EB54BE4FA3D93AD7F5327A22AD3F21C7FE3E8BCA869DA34AC54CFCF40375FBBE94B351F69955
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):790296
                                                                                                                                                                                                Entropy (8bit):5.609731865143107
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:ieA4whYPbjBaIj/tlFKTB/BcL9eFe9Xb:VAzhYP/BpjtST7fFe9Xb
                                                                                                                                                                                                MD5:4887533BF19EF22CCF4DD3BD817AED52
                                                                                                                                                                                                SHA1:01BB8625FB15855DC15A16E5C1ACE6F456C86027
                                                                                                                                                                                                SHA-256:6E5B7523862F5B85C4EC877E42D9E21FCD3AB0E57FD9504AC5C3557862F94F8A
                                                                                                                                                                                                SHA-512:5B392411DB84921852C9CD362F88063934962DF30E97141AFB311D4065A5471B1CA55B73B3E777D50BE0B190E33D4C0CEC896123135B88DDB14AA49A2C927783
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):67072
                                                                                                                                                                                                Entropy (8bit):5.909456553599775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):67344
                                                                                                                                                                                                Entropy (8bit):6.060303737301524
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:I3oq8E2QfmLZQ3l4IXLXMYsGHbRpAygGeqJmVEXOA1eqB0IyIvLhc5YivKrf2E6O:aR8o+9QGITlFd4uX7QI0IyIvLhm7SzkO
                                                                                                                                                                                                MD5:7BB1350973B5734046C81F0D61614F54
                                                                                                                                                                                                SHA1:45F4924C955C98A43034D27FAB06992BD54FE9C3
                                                                                                                                                                                                SHA-256:8E96F68FDF07D0FBFB0AD7A035E4006F3F96F36336C72959C6943A0DE9046EEE
                                                                                                                                                                                                SHA-512:E84874AB6C194D01BB69AF28F7A2349AE7CEAA2724173994DDC05DC8DFC2E016E68DACE101908B072D1D2A2DEE5F1BE6DE3CF8617F5C227F9D4BE0F600E9742E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68368
                                                                                                                                                                                                Entropy (8bit):6.15267590214345
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:oGV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamML:RDmF61JFn+/OQ0IyIvL0F7S8BW
                                                                                                                                                                                                MD5:4D0E26209CB859B514EE6297134A1207
                                                                                                                                                                                                SHA1:7B5145E969759062B5B3295CF686F1FFBC7C2FBD
                                                                                                                                                                                                SHA-256:E1D5AE1D5EA8EF5A2C7487923EF7466AB33C955342E6F72CB4D38A096C5A6880
                                                                                                                                                                                                SHA-512:60D1B0C656BF180CA848028C9512FBDA672375739DAEF0945593115D9A1F9E780164B93E9E66E3771FDA05EE0ADC6B530C87368699638D33E515B7E614F5E229
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7457040
                                                                                                                                                                                                Entropy (8bit):5.785799760469906
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:l+t4Lts2l693a71IFzPGjN4hMs7fo3IHPMxIMoaOh:lQ4Lq2KK71IFzPGjNen7fqx4h
                                                                                                                                                                                                MD5:E77035E9EE16E84C2AE565DD1576FF02
                                                                                                                                                                                                SHA1:059D01C13620E9DEB6A1F40D37E40CA19C26FCC7
                                                                                                                                                                                                SHA-256:D5C15F80AFCD0679CFE6C82E80FCD30469BC7A54A6D466E161A10A9A57E7E479
                                                                                                                                                                                                SHA-512:5CAC01738562BCBA213EC6367C9A7542F66E444D63C71BF8978AC2BF7CFAD22ACDDC4423785A26725628C8461C81501181279FDC2316FC83B8640996F1A56214
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30480
                                                                                                                                                                                                Entropy (8bit):6.617546299725576
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:aFsfsNMp2HfyCCT00IyIvQGI5YivKnU2EzkMlW:aCPI/1Co0IyIvQG67SnUhkMI
                                                                                                                                                                                                MD5:FE6DEA2058181593C5546416D96EAD85
                                                                                                                                                                                                SHA1:CB45D35BED1C9AB2A1F1D039B695C44B574E2FCB
                                                                                                                                                                                                SHA-256:BAFDF1758831946E03A1BC910EAFE5AA92ED59910C6EC54A1D0282D9C923FC62
                                                                                                                                                                                                SHA-512:D0D51289383227C77B8ADC59A2598050C7F9A69B3D2C9B574BDE4CF5B492DB63055A50006DD4C1D9222A1DFC2C6ACAEF664F0BF89FA28E4BCEF80B367DA6FBAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1357256
                                                                                                                                                                                                Entropy (8bit):6.584342858234787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:XUanuON+jflUtGz/rLeX+NNF7R8b1h9X2kwlNsmGb6mxvSZX0ypympKF:EIuON+jfl+Gz/rLeXDdXGQepo
                                                                                                                                                                                                MD5:1C5C8447D570E0ECEEFC9F3F92C008DA
                                                                                                                                                                                                SHA1:A198C2897E6A1C5745E2EF7F508541DC21675AD4
                                                                                                                                                                                                SHA-256:D404DC9AA843D53D7E276DD078B2CAC8D7AA905E2838A1FE8385278E19BA3810
                                                                                                                                                                                                SHA-512:A1DD080B57A6339CBC66C9ABAECC0A59315B9DFE843176267B10A8324B8EB15E0F2C856C7DE938D3405905DADC36D75F0AD3AD67D8AFF5CAA42CEDA889C07607
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1136912
                                                                                                                                                                                                Entropy (8bit):5.456851079193173
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:jW4cCjJ43w9hI4CQgHdcM6hbkb0QN8MdIECs+U2BNNmD+99Ffidm:jW4cCjfhEXzbPNfvC02BN6yzqdm
                                                                                                                                                                                                MD5:C195F220C11C7597894A4A59303F2D58
                                                                                                                                                                                                SHA1:0B5E84E38CC3948B3EE3D723649F16227F05BCB4
                                                                                                                                                                                                SHA-256:9E8D504EC2E7D1A47AFC69295934055D21FE2030A0BE5D06B193DC4EE9D6045E
                                                                                                                                                                                                SHA-512:D537D6B8A50F331AEB774342F9360F35B4315A06478121C7769A2755DB3771D57564F78E11FDD7328392B206EF050B83BC1C63E5144EC5FB22A4DCB08D7F8AC4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):99608
                                                                                                                                                                                                Entropy (8bit):6.775753952873787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:D1lgN6zud9Uvug5vx8QBrsHaXBb2nSCvIOcIOyuJK5iQzub7SJx:LgN6adi2g5vxLRWSChSyl5iQzubG
                                                                                                                                                                                                MD5:523741C4B0373E33603588A0921FE26C
                                                                                                                                                                                                SHA1:E3FF655BFCA9434EF0D688A428A7D84243287B85
                                                                                                                                                                                                SHA-256:8DBFD6EF7374A831158BDDCCB79E3D5665E9625C81AF557F15B4150B7877F687
                                                                                                                                                                                                SHA-512:E27E29D973C2ED9E160AECA9669F50DA76806FBCC154E47EC0EA2403A1E80DAC84AAD6088F8BDE938D9D40426811DCE6A6AF6005BDE252BAFB2F14A84C4EDDA1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):661776
                                                                                                                                                                                                Entropy (8bit):6.476778405490466
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:G5a4zllEXvs5XP6xFDziL5uBG6W8PnPgM8b5o3:GM6llEfs5dL5uY8PnPN8b5s
                                                                                                                                                                                                MD5:7B197462854AE96122A667F14054302B
                                                                                                                                                                                                SHA1:7E8FAA880262FE97C85040F8AF2F67822A15513B
                                                                                                                                                                                                SHA-256:106B64A0DE9DA01D0E9957221479FC4BC3A6D782F63F229123316C63D416EE42
                                                                                                                                                                                                SHA-512:BC0449398166869B728D3B97507DC600572E09160ADC448EEB2C4CEAFB79A2794E1B270E1591E54E930567FCB6440C5D82569B26F2A6633C334278767762814E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):94480
                                                                                                                                                                                                Entropy (8bit):6.120835494461923
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Bas7Cc/5nWNGY4HvQzI7YfH/hbzx5vxqacFkQ98xKe/X7SxIfG:B/N5nkEvAAYnhPx5vxqarQ98xKevGWu
                                                                                                                                                                                                MD5:C7E437B2DB062C919946D91369A3F0EF
                                                                                                                                                                                                SHA1:86F1230653401197CCC114438E70FF03DA4A4C55
                                                                                                                                                                                                SHA-256:AD36753B1C07A1743F9FEFB0ED7AF6F59981E93049ED8AA922E09D6A73C86B1E
                                                                                                                                                                                                SHA-512:C73F9FF7135211A7E8346F6A7E81A244F91DFB08A929CEFDE0B6660F3E7DCC8AC2251BE49442F1428F45547C6F573963B82EC4F2F142191928E62659714E47E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):666384
                                                                                                                                                                                                Entropy (8bit):6.453029512868606
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:5m0sylHOjXjijM2SRcW+F0k3A/9H29SgsRAh2gxecv1M2pDaPC5Jp9+nEvRrIx+u:5m0L0jOGcW+F0k32q5yc6aUf/x5oTQt
                                                                                                                                                                                                MD5:43E3B2A11B8A3CFF93A0A8AD3C6A7EE2
                                                                                                                                                                                                SHA1:BABD3E6B7A466FA79C050179A8E7126FD5CB6BAF
                                                                                                                                                                                                SHA-256:BE5A011E36657A266E96BF287CF4FF806DCEC43B5B720BB1E80D10A28F91F294
                                                                                                                                                                                                SHA-512:5D44AF0A7131555DFB5302E56E35069D7B884679B76F44DD030C7F376310B3DF7342A733B65692291A0B5E88A08B963051B6387F6D138656F404CF079E667200
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.991321055706544
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:MacAttack.exe
                                                                                                                                                                                                File size:47'685'860 bytes
                                                                                                                                                                                                MD5:a2424a73630fc4ff422fcc9809707079
                                                                                                                                                                                                SHA1:9f4ff302aecfbed299aa55f1616539f4f49de257
                                                                                                                                                                                                SHA256:6b8be3ebc7286c0b5b954ce66c77b852806fe12e7020ffcc312f2cf533b7fbf2
                                                                                                                                                                                                SHA512:f7abee0feb3ffd35d69caffd84035772bcb1f2ce2c7b57e768e97509907ea7682ce413de62aae27b7a9c2236cf1f603d9287d7fbda90bef406614b9c1a717920
                                                                                                                                                                                                SSDEEP:786432:Se+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBduJviT+qqQpxAjMpKR6:nXGMK4XR3bLSCU/+6yPl3uJv+pGwp
                                                                                                                                                                                                TLSH:EBA73300F1A40995E9F11934AA21C773C7A27C5D8B32C66B52F03F6B74BBED225176E8
                                                                                                                                                                                                Icon Hash:0f7958ce6c17160e
                                                                                                                                                                                                Entrypoint:0x14000ce20
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x675D14BF [Sat Dec 14 05:16:47 2024 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                call 00007F791CC820BCh
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                jmp 00007F791CC81CDFh
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                call 00007F791CC82488h
                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                je 00007F791CC81E83h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov eax, dword ptr [00000030h]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                jmp 00007F791CC81E67h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                cmp ecx, eax
                                                                                                                                                                                                je 00007F791CC81E76h
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                cmpxchg dword ptr [0003570Ch], ecx
                                                                                                                                                                                                jne 00007F791CC81E50h
                                                                                                                                                                                                xor al, al
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                ret
                                                                                                                                                                                                mov al, 01h
                                                                                                                                                                                                jmp 00007F791CC81E59h
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                test ecx, ecx
                                                                                                                                                                                                jne 00007F791CC81E69h
                                                                                                                                                                                                mov byte ptr [000356F5h], 00000001h
                                                                                                                                                                                                call 00007F791CC815B5h
                                                                                                                                                                                                call 00007F791CC828A0h
                                                                                                                                                                                                test al, al
                                                                                                                                                                                                jne 00007F791CC81E66h
                                                                                                                                                                                                xor al, al
                                                                                                                                                                                                jmp 00007F791CC81E76h
                                                                                                                                                                                                call 00007F791CC8F3BFh
                                                                                                                                                                                                test al, al
                                                                                                                                                                                                jne 00007F791CC81E6Bh
                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                call 00007F791CC828B0h
                                                                                                                                                                                                jmp 00007F791CC81E4Ch
                                                                                                                                                                                                mov al, 01h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                ret
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                inc eax
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 20h
                                                                                                                                                                                                cmp byte ptr [000356BCh], 00000000h
                                                                                                                                                                                                mov ebx, ecx
                                                                                                                                                                                                jne 00007F791CC81EC9h
                                                                                                                                                                                                cmp ecx, 01h
                                                                                                                                                                                                jnbe 00007F791CC81ECCh
                                                                                                                                                                                                call 00007F791CC823FEh
                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                je 00007F791CC81E8Ah
                                                                                                                                                                                                test ebx, ebx
                                                                                                                                                                                                jne 00007F791CC81E86h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                lea ecx, dword ptr [000356A6h]
                                                                                                                                                                                                call 00007F791CC8F1B2h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x581e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa0000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | b7da18236da327e5afba22ffca83850f | False | 0.5242838541666667 | data | 5.750778811876841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x581e8 | 0x58200 | bf785a1b15ceaad2f4fae03dc3faee55 | False | 0.14018727836879433 | data | 2.307286022367885 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa0000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47178 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | | | 0.1157869041630914
RT_ICON | 0x891a0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.18154797113450846
RT_ICON | 0x999c8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.27166981577704297
RT_ICON | 0x9dbf0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.40126641651031897
RT_GROUP_ICON | 0x9ec98 | 0x3e | data | | | 0.8064516129032258
RT_MANIFEST | 0x9ecd8 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
                                                                                                                                                                                                No network behavior found

Target ID: 0
Start time: 20:09:28
Start date: 15/12/2024
Path: C:\Users\user\Desktop\MacAttack.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\MacAttack.exe"
Imagebase: 0x7ff7923f0000
File size: 47'685'860 bytes
MD5 hash: A2424A73630FC4FF422FCC9809707079
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 20:09:36
Start date: 15/12/2024
Path: C:\Users\user\Desktop\MacAttack.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\MacAttack.exe"
Imagebase: 0x7ff7923f0000
File size: 47'685'860 bytes
MD5 hash: A2424A73630FC4FF422FCC9809707079
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 9.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 20.1%
Total number of Nodes: 2000
Total number of Limit Nodes: 41
16809 7ff792403a5c 16806->16809 16810 7ff792403b20 16807->16810 16811 7ff792403acc 16807->16811 16898 7ff792401dc4 16808->16898 16812 7ff792403a61 16809->16812 16813 7ff792403a90 16809->16813 16817 7ff792403b37 16810->16817 16819 7ff792403b2a 16810->16819 16824 7ff792403b2f 16810->16824 16814 7ff792403b01 16811->16814 16815 7ff792403ace 16811->16815 16812->16817 16820 7ff792403a67 16812->16820 16813->16820 16813->16824 16905 7ff7924019b4 16814->16905 16818 7ff792403a70 16815->16818 16827 7ff792403add 16815->16827 16912 7ff79240471c 16817->16912 16837 7ff792403b60 16818->16837 16878 7ff7924041c8 16818->16878 16819->16808 16819->16824 16820->16818 16825 7ff792403aa2 16820->16825 16834 7ff792403a8b 16820->16834 16824->16837 16916 7ff7924021d4 16824->16916 16825->16837 16888 7ff792404504 16825->16888 16827->16808 16829 7ff792403ae2 16827->16829 16829->16837 16894 7ff7924045c8 16829->16894 16830 7ff7923fc5c0 _log10_special 8 API calls 16832 7ff792403e5a 16830->16832 16832->16802 16836 7ff792403d4c 16834->16836 16834->16837 16923 7ff792404830 16834->16923 16836->16837 16929 7ff79240ea78 16836->16929 16837->16830 16839 7ff792403484 16838->16839 16840 7ff79240346e 16838->16840 16841 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16839->16841 16844 7ff7924034c4 16839->16844 16842 7ff792403a56 16840->16842 16843 7ff792403ac7 16840->16843 16840->16844 16841->16844 16845 7ff792403af1 16842->16845 16846 7ff792403a5c 16842->16846 16847 7ff792403b20 16843->16847 16848 7ff792403acc 16843->16848 16844->16802 16853 7ff792401dc4 38 API calls 16845->16853 16849 7ff792403a61 16846->16849 16850 7ff792403a90 16846->16850 16854 7ff792403b37 16847->16854 16856 7ff792403b2a 16847->16856 16860 7ff792403b2f 16847->16860 16851 7ff792403b01 16848->16851 16852 7ff792403ace 16848->16852 16849->16854 16857 7ff792403a67 16849->16857 16850->16857 16850->16860 16858 7ff7924019b4 38 API calls 16851->16858 16855 7ff792403a70 16852->16855 16864 7ff792403add 16852->16864 16871 7ff792403a8b 
16853->16871 16861 7ff79240471c 45 API calls 16854->16861 16859 7ff7924041c8 47 API calls 16855->16859 16874 7ff792403b60 16855->16874 16856->16845 16856->16860 16857->16855 16862 7ff792403aa2 16857->16862 16857->16871 16858->16871 16859->16871 16863 7ff7924021d4 38 API calls 16860->16863 16860->16874 16861->16871 16865 7ff792404504 46 API calls 16862->16865 16862->16874 16863->16871 16864->16845 16866 7ff792403ae2 16864->16866 16865->16871 16868 7ff7924045c8 37 API calls 16866->16868 16866->16874 16867 7ff7923fc5c0 _log10_special 8 API calls 16869 7ff792403e5a 16867->16869 16868->16871 16869->16802 16870 7ff792404830 45 API calls 16873 7ff792403d4c 16870->16873 16871->16870 16871->16873 16871->16874 16872 7ff79240ea78 46 API calls 16872->16873 16873->16872 16873->16874 16874->16867 17123 7ff792401038 16875->17123 16879 7ff7924041ee 16878->16879 16941 7ff792400bf0 16879->16941 16884 7ff792404830 45 API calls 16887 7ff792404333 16884->16887 16885 7ff792404830 45 API calls 16886 7ff7924043c1 16885->16886 16886->16834 16887->16885 16887->16886 16887->16887 16889 7ff792404539 16888->16889 16890 7ff792404557 16889->16890 16891 7ff79240457e 16889->16891 16892 7ff792404830 45 API calls 16889->16892 16893 7ff79240ea78 46 API calls 16890->16893 16891->16834 16892->16890 16893->16891 16897 7ff7924045e9 16894->16897 16895 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16896 7ff79240461a 16895->16896 16896->16834 16897->16895 16897->16896 16899 7ff792401df7 16898->16899 16900 7ff792401e26 16899->16900 16902 7ff792401ee3 16899->16902 16904 7ff792401e63 16900->16904 17077 7ff792400c98 16900->17077 16903 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16902->16903 16903->16904 16904->16834 16906 7ff7924019e7 16905->16906 16907 7ff792401a16 16906->16907 16909 7ff792401ad3 16906->16909 16908 7ff792400c98 12 API calls 16907->16908 16911 7ff792401a53 16907->16911 16908->16911 16910 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16909->16910 16910->16911 16911->16834 
16913 7ff79240475f 16912->16913 16915 7ff792404763 __crtLCMapStringW 16913->16915 17085 7ff7924047b8 16913->17085 16915->16834 16917 7ff792402207 16916->16917 16918 7ff792402236 16917->16918 16920 7ff7924022f3 16917->16920 16919 7ff792400c98 12 API calls 16918->16919 16922 7ff792402273 16918->16922 16919->16922 16921 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16920->16921 16921->16922 16922->16834 16924 7ff792404847 16923->16924 17089 7ff79240da28 16924->17089 16930 7ff79240eab7 16929->16930 16932 7ff79240eaa9 16929->16932 16930->16836 16931 7ff79240ead7 16934 7ff79240eae8 16931->16934 16935 7ff79240eb0f 16931->16935 16932->16930 16932->16931 16933 7ff792404830 45 API calls 16932->16933 16933->16931 17113 7ff792410110 16934->17113 16935->16930 16937 7ff79240eb39 16935->16937 16938 7ff79240eb9a 16935->16938 16937->16930 17116 7ff79240f910 16937->17116 16939 7ff79240f910 _fread_nolock MultiByteToWideChar 16938->16939 16939->16930 16942 7ff792400c27 16941->16942 16948 7ff792400c16 16941->16948 16943 7ff79240d66c _fread_nolock 12 API calls 16942->16943 16942->16948 16944 7ff792400c54 16943->16944 16945 7ff79240a9b8 __free_lconv_mon 11 API calls 16944->16945 16947 7ff792400c68 16944->16947 16945->16947 16946 7ff79240a9b8 __free_lconv_mon 11 API calls 16946->16948 16947->16946 16949 7ff79240e5e0 16948->16949 16950 7ff79240e5fd 16949->16950 16951 7ff79240e630 16949->16951 16952 7ff79240a884 _invalid_parameter_noinfo 37 API calls 16950->16952 16951->16950 16953 7ff79240e662 16951->16953 16962 7ff792404311 16952->16962 16957 7ff79240e775 16953->16957 16966 7ff79240e6aa 16953->16966 16954 7ff79240e867 17004 7ff79240dacc 16954->17004 16956 7ff79240e82d 16997 7ff79240de64 16956->16997 16957->16954 16957->16956 16958 7ff79240e7fc 16957->16958 16960 7ff79240e7bf 16957->16960 16963 7ff79240e7b5 16957->16963 16990 7ff79240e144 16958->16990 16980 7ff79240e374 16960->16980 16962->16884 16962->16887 16963->16956 16965 7ff79240e7ba 16963->16965 16965->16958 16965->16960 
16966->16962 16971 7ff79240a514 16966->16971 16969 7ff79240a970 _isindst 17 API calls 16970 7ff79240e8c4 16969->16970 16972 7ff79240a52b 16971->16972 16973 7ff79240a521 16971->16973 16974 7ff792404f78 _get_daylight 11 API calls 16972->16974 16973->16972 16978 7ff79240a546 16973->16978 16975 7ff79240a532 16974->16975 16976 7ff79240a950 _invalid_parameter_noinfo 37 API calls 16975->16976 16977 7ff79240a53e 16976->16977 16977->16962 16977->16969 16978->16977 16979 7ff792404f78 _get_daylight 11 API calls 16978->16979 16979->16975 17013 7ff79241411c 16980->17013 16984 7ff79240e420 16984->16962 16985 7ff79240e471 17066 7ff79240df60 16985->17066 16986 7ff79240e41c 16986->16984 16986->16985 16987 7ff79240e43c 16986->16987 17062 7ff79240e21c 16987->17062 16991 7ff79241411c 38 API calls 16990->16991 16992 7ff79240e18e 16991->16992 16993 7ff792413b64 37 API calls 16992->16993 16994 7ff79240e1de 16993->16994 16995 7ff79240e1e2 16994->16995 16996 7ff79240e21c 45 API calls 16994->16996 16995->16962 16996->16995 16998 7ff79241411c 38 API calls 16997->16998 16999 7ff79240deaf 16998->16999 17000 7ff792413b64 37 API calls 16999->17000 17001 7ff79240df07 17000->17001 17002 7ff79240df0b 17001->17002 17003 7ff79240df60 45 API calls 17001->17003 17002->16962 17003->17002 17005 7ff79240db11 17004->17005 17006 7ff79240db44 17004->17006 17008 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17005->17008 17007 7ff79240db5c 17006->17007 17011 7ff79240dbdd 17006->17011 17009 7ff79240de64 46 API calls 17007->17009 17010 7ff79240db3d __scrt_get_show_window_mode 17008->17010 17009->17010 17010->16962 17011->17010 17012 7ff792404830 45 API calls 17011->17012 17012->17010 17014 7ff79241416f fegetenv 17013->17014 17015 7ff792417e9c 37 API calls 17014->17015 17019 7ff7924141c2 17015->17019 17016 7ff7924142b2 17018 7ff792417e9c 37 API calls 17016->17018 17017 7ff7924141ef 17021 7ff79240a514 __std_exception_copy 37 API calls 17017->17021 17020 7ff7924142dc 17018->17020 17019->17016 17022 
7ff7924141dd 17019->17022 17023 7ff79241428c 17019->17023 17024 7ff792417e9c 37 API calls 17020->17024 17025 7ff79241426d 17021->17025 17022->17016 17022->17017 17027 7ff79240a514 __std_exception_copy 37 API calls 17023->17027 17028 7ff7924142ed 17024->17028 17026 7ff792415394 17025->17026 17033 7ff792414275 17025->17033 17029 7ff79240a970 _isindst 17 API calls 17026->17029 17027->17025 17030 7ff792418090 20 API calls 17028->17030 17031 7ff7924153a9 17029->17031 17040 7ff792414356 __scrt_get_show_window_mode 17030->17040 17032 7ff7923fc5c0 _log10_special 8 API calls 17034 7ff79240e3c1 17032->17034 17033->17032 17058 7ff792413b64 17034->17058 17035 7ff7924146ff __scrt_get_show_window_mode 17036 7ff792414a3f 17037 7ff792413c80 37 API calls 17036->17037 17044 7ff792415157 17037->17044 17038 7ff7924149eb 17038->17036 17041 7ff7924153ac memcpy_s 37 API calls 17038->17041 17039 7ff792414397 memcpy_s 17051 7ff792414cdb memcpy_s __scrt_get_show_window_mode 17039->17051 17055 7ff7924147f3 memcpy_s __scrt_get_show_window_mode 17039->17055 17040->17035 17040->17039 17042 7ff792404f78 _get_daylight 11 API calls 17040->17042 17041->17036 17043 7ff7924147d0 17042->17043 17045 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17043->17045 17046 7ff7924153ac memcpy_s 37 API calls 17044->17046 17057 7ff7924151b2 17044->17057 17045->17039 17046->17057 17047 7ff792415338 17048 7ff792417e9c 37 API calls 17047->17048 17048->17033 17049 7ff792404f78 11 API calls _get_daylight 17049->17055 17050 7ff792404f78 11 API calls _get_daylight 17050->17051 17051->17036 17051->17038 17051->17050 17053 7ff79240a950 37 API calls _invalid_parameter_noinfo 17051->17053 17052 7ff792413c80 37 API calls 17052->17057 17053->17051 17054 7ff79240a950 37 API calls _invalid_parameter_noinfo 17054->17055 17055->17038 17055->17049 17055->17054 17056 7ff7924153ac memcpy_s 37 API calls 17056->17057 17057->17047 17057->17052 17057->17056 17059 7ff792413b83 17058->17059 17060 7ff79240a884 
_invalid_parameter_noinfo 37 API calls 17059->17060 17061 7ff792413bae memcpy_s 17059->17061 17060->17061 17061->16986 17063 7ff79240e248 memcpy_s 17062->17063 17064 7ff792404830 45 API calls 17063->17064 17065 7ff79240e302 memcpy_s __scrt_get_show_window_mode 17063->17065 17064->17065 17065->16984 17067 7ff79240df9b 17066->17067 17072 7ff79240dfe8 memcpy_s 17066->17072 17068 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17067->17068 17069 7ff79240dfc7 17068->17069 17069->16984 17070 7ff79240e053 17071 7ff79240a514 __std_exception_copy 37 API calls 17070->17071 17076 7ff79240e095 memcpy_s 17071->17076 17072->17070 17073 7ff792404830 45 API calls 17072->17073 17073->17070 17074 7ff79240a970 _isindst 17 API calls 17075 7ff79240e140 17074->17075 17076->17074 17078 7ff792400ccf 17077->17078 17084 7ff792400cbe 17077->17084 17079 7ff79240d66c _fread_nolock 12 API calls 17078->17079 17078->17084 17080 7ff792400d00 17079->17080 17081 7ff792400d14 17080->17081 17082 7ff79240a9b8 __free_lconv_mon 11 API calls 17080->17082 17083 7ff79240a9b8 __free_lconv_mon 11 API calls 17081->17083 17082->17081 17083->17084 17084->16904 17086 7ff7924047d6 17085->17086 17087 7ff7924047de 17085->17087 17088 7ff792404830 45 API calls 17086->17088 17087->16915 17088->17087 17090 7ff79240486f 17089->17090 17091 7ff79240da41 17089->17091 17093 7ff79240da94 17090->17093 17091->17090 17097 7ff792413374 17091->17097 17094 7ff79240daad 17093->17094 17095 7ff79240487f 17093->17095 17094->17095 17110 7ff7924126c0 17094->17110 17095->16836 17098 7ff79240b1c0 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17097->17098 17099 7ff792413383 17098->17099 17100 7ff7924133ce 17099->17100 17109 7ff792410348 EnterCriticalSection 17099->17109 17100->17090 17111 7ff79240b1c0 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17110->17111 17112 7ff7924126c9 17111->17112 17119 7ff792416df8 17113->17119 17118 7ff79240f919 MultiByteToWideChar 17116->17118 17121 7ff792416e5c 17119->17121 17120 
7ff7923fc5c0 _log10_special 8 API calls 17122 7ff79241012d 17120->17122 17121->17120 17122->16930 17124 7ff79240107f 17123->17124 17125 7ff79240106d 17123->17125 17127 7ff79240108d 17124->17127 17132 7ff7924010c9 17124->17132 17126 7ff792404f78 _get_daylight 11 API calls 17125->17126 17128 7ff792401072 17126->17128 17129 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17127->17129 17130 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17128->17130 17136 7ff79240107d 17129->17136 17130->17136 17131 7ff792401445 17133 7ff792404f78 _get_daylight 11 API calls 17131->17133 17131->17136 17132->17131 17134 7ff792404f78 _get_daylight 11 API calls 17132->17134 17137 7ff7924016d9 17133->17137 17135 7ff79240143a 17134->17135 17138 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17135->17138 17136->16802 17139 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17137->17139 17138->17131 17139->17136 17141 7ff792400774 17140->17141 17168 7ff7924004d4 17141->17168 17143 7ff79240078d 17143->16455 17180 7ff79240042c 17144->17180 17148 7ff7923fc8c0 17147->17148 17149 7ff7923f2930 GetCurrentProcessId 17148->17149 17150 7ff7923f1c80 49 API calls 17149->17150 17151 7ff7923f2979 17150->17151 17194 7ff7924049f4 17151->17194 17156 7ff7923f1c80 49 API calls 17157 7ff7923f29ff 17156->17157 17224 7ff7923f2620 17157->17224 17160 7ff7923fc5c0 _log10_special 8 API calls 17161 7ff7923f2a31 17160->17161 17161->16494 17163 7ff792400189 17162->17163 17167 7ff7923f1b89 17162->17167 17164 7ff792404f78 _get_daylight 11 API calls 17163->17164 17165 7ff79240018e 17164->17165 17166 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17165->17166 17166->17167 17167->16493 17167->16494 17169 7ff79240053e 17168->17169 17170 7ff7924004fe 17168->17170 17169->17170 17172 7ff79240054a 17169->17172 17171 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17170->17171 17174 7ff792400525 17171->17174 17179 7ff7924054dc EnterCriticalSection 17172->17179 17174->17143 17181 7ff792400456 17180->17181 
17192 7ff7923f1a20 17180->17192 17182 7ff792400465 __scrt_get_show_window_mode 17181->17182 17183 7ff7924004a2 17181->17183 17181->17192 17186 7ff792404f78 _get_daylight 11 API calls 17182->17186 17193 7ff7924054dc EnterCriticalSection 17183->17193 17188 7ff79240047a 17186->17188 17189 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17188->17189 17189->17192 17192->16463 17192->16464 17198 7ff792404a4e 17194->17198 17195 7ff792404a73 17196 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17195->17196 17211 7ff792404a9d 17196->17211 17197 7ff792404aaf 17233 7ff792402c80 17197->17233 17198->17195 17198->17197 17201 7ff7923fc5c0 _log10_special 8 API calls 17204 7ff7923f29c3 17201->17204 17202 7ff79240a9b8 __free_lconv_mon 11 API calls 17202->17211 17203 7ff792404b58 17205 7ff792404b8c 17203->17205 17206 7ff792404b61 17203->17206 17212 7ff7924051d0 17204->17212 17205->17202 17209 7ff79240a9b8 __free_lconv_mon 11 API calls 17206->17209 17207 7ff792404bb0 17207->17205 17208 7ff792404bba 17207->17208 17210 7ff79240a9b8 __free_lconv_mon 11 API calls 17208->17210 17209->17211 17210->17211 17211->17201 17213 7ff79240b338 _get_daylight 11 API calls 17212->17213 17214 7ff7924051e7 17213->17214 17215 7ff7923f29e5 17214->17215 17216 7ff79240ec08 _get_daylight 11 API calls 17214->17216 17218 7ff792405227 17214->17218 17215->17156 17217 7ff79240521c 17216->17217 17219 7ff79240a9b8 __free_lconv_mon 11 API calls 17217->17219 17218->17215 17371 7ff79240ec90 17218->17371 17219->17218 17222 7ff79240a970 _isindst 17 API calls 17223 7ff79240526c 17222->17223 17225 7ff7923f262f 17224->17225 17226 7ff7923f9400 2 API calls 17225->17226 17227 7ff7923f2660 17226->17227 17228 7ff7923f2683 MessageBoxA 17227->17228 17229 7ff7923f266f MessageBoxW 17227->17229 17230 7ff7923f2690 17228->17230 17229->17230 17231 7ff7923fc5c0 _log10_special 8 API calls 17230->17231 17232 7ff7923f26a0 17231->17232 17232->17160 17234 7ff792402cbe 17233->17234 17235 7ff792402cae 17233->17235 17236 7ff792402cc7 
17234->17236 17245 7ff792402cf5 17234->17245 17238 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17235->17238 17239 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17236->17239 17237 7ff792402ced 17237->17203 17237->17205 17237->17206 17237->17207 17238->17237 17239->17237 17240 7ff792404830 45 API calls 17240->17245 17242 7ff792402fa4 17244 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17242->17244 17244->17235 17245->17235 17245->17237 17245->17240 17245->17242 17247 7ff792403610 17245->17247 17273 7ff7924032d8 17245->17273 17303 7ff792402b60 17245->17303 17248 7ff7924036c5 17247->17248 17249 7ff792403652 17247->17249 17250 7ff79240371f 17248->17250 17251 7ff7924036ca 17248->17251 17252 7ff7924036ef 17249->17252 17253 7ff792403658 17249->17253 17250->17252 17263 7ff79240372e 17250->17263 17271 7ff792403688 17250->17271 17254 7ff7924036ff 17251->17254 17255 7ff7924036cc 17251->17255 17320 7ff792401bc0 17252->17320 17260 7ff79240365d 17253->17260 17253->17263 17327 7ff7924017b0 17254->17327 17256 7ff79240366d 17255->17256 17262 7ff7924036db 17255->17262 17272 7ff79240375d 17256->17272 17306 7ff792403f74 17256->17306 17260->17256 17261 7ff7924036a0 17260->17261 17260->17271 17261->17272 17316 7ff792404430 17261->17316 17262->17252 17265 7ff7924036e0 17262->17265 17263->17272 17334 7ff792401fd0 17263->17334 17268 7ff7924045c8 37 API calls 17265->17268 17265->17272 17267 7ff7923fc5c0 _log10_special 8 API calls 17269 7ff7924039f3 17267->17269 17268->17271 17269->17245 17271->17272 17341 7ff79240e8c8 17271->17341 17272->17267 17274 7ff7924032e3 17273->17274 17275 7ff7924032f9 17273->17275 17276 7ff792403337 17274->17276 17277 7ff7924036c5 17274->17277 17278 7ff792403652 17274->17278 17275->17276 17279 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17275->17279 17276->17245 17280 7ff79240371f 17277->17280 17281 7ff7924036ca 17277->17281 17282 7ff7924036ef 17278->17282 17283 7ff792403658 17278->17283 17279->17276 17280->17282 17292 7ff79240372e 
17280->17292 17301 7ff792403688 17280->17301 17284 7ff7924036ff 17281->17284 17285 7ff7924036cc 17281->17285 17287 7ff792401bc0 38 API calls 17282->17287 17290 7ff79240365d 17283->17290 17283->17292 17288 7ff7924017b0 38 API calls 17284->17288 17286 7ff79240366d 17285->17286 17294 7ff7924036db 17285->17294 17289 7ff792403f74 47 API calls 17286->17289 17302 7ff79240375d 17286->17302 17287->17301 17288->17301 17289->17301 17290->17286 17291 7ff7924036a0 17290->17291 17290->17301 17295 7ff792404430 47 API calls 17291->17295 17291->17302 17293 7ff792401fd0 38 API calls 17292->17293 17292->17302 17293->17301 17294->17282 17296 7ff7924036e0 17294->17296 17295->17301 17298 7ff7924045c8 37 API calls 17296->17298 17296->17302 17297 7ff7923fc5c0 _log10_special 8 API calls 17299 7ff7924039f3 17297->17299 17298->17301 17299->17245 17300 7ff79240e8c8 47 API calls 17300->17301 17301->17300 17301->17302 17302->17297 17354 7ff792400d84 17303->17354 17307 7ff792403f96 17306->17307 17308 7ff792400bf0 12 API calls 17307->17308 17309 7ff792403fde 17308->17309 17310 7ff79240e5e0 46 API calls 17309->17310 17311 7ff7924040b1 17310->17311 17312 7ff792404830 45 API calls 17311->17312 17313 7ff7924040d3 17311->17313 17312->17313 17314 7ff792404830 45 API calls 17313->17314 17315 7ff79240415c 17313->17315 17314->17315 17315->17271 17317 7ff792404448 17316->17317 17319 7ff7924044b0 17316->17319 17318 7ff79240e8c8 47 API calls 17317->17318 17317->17319 17318->17319 17319->17271 17321 7ff792401bf3 17320->17321 17322 7ff792401c22 17321->17322 17324 7ff792401cdf 17321->17324 17323 7ff792400bf0 12 API calls 17322->17323 17326 7ff792401c5f 17322->17326 17323->17326 17325 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17324->17325 17325->17326 17326->17271 17329 7ff7924017e3 17327->17329 17328 7ff792401812 17330 7ff792400bf0 12 API calls 17328->17330 17333 7ff79240184f 17328->17333 17329->17328 17331 7ff7924018cf 17329->17331 17330->17333 17332 7ff79240a884 _invalid_parameter_noinfo 37 API 
calls 17331->17332 17332->17333 17333->17271 17335 7ff792402003 17334->17335 17336 7ff792402032 17335->17336 17338 7ff7924020ef 17335->17338 17337 7ff792400bf0 12 API calls 17336->17337 17340 7ff79240206f 17336->17340 17337->17340 17339 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17338->17339 17339->17340 17340->17271 17343 7ff79240e8f0 17341->17343 17342 7ff79240e935 17347 7ff79240e8f5 __scrt_get_show_window_mode 17342->17347 17350 7ff79240e91e __scrt_get_show_window_mode 17342->17350 17351 7ff792410858 17342->17351 17343->17342 17344 7ff792404830 45 API calls 17343->17344 17343->17347 17343->17350 17344->17342 17345 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17345->17347 17347->17271 17350->17345 17350->17347 17353 7ff79241087c WideCharToMultiByte 17351->17353 17355 7ff792400dc3 17354->17355 17356 7ff792400db1 17354->17356 17359 7ff792400dd0 17355->17359 17362 7ff792400e0d 17355->17362 17357 7ff792404f78 _get_daylight 11 API calls 17356->17357 17358 7ff792400db6 17357->17358 17360 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17358->17360 17361 7ff79240a884 _invalid_parameter_noinfo 37 API calls 17359->17361 17364 7ff792400dc1 17360->17364 17361->17364 17363 7ff792400eb6 17362->17363 17365 7ff792404f78 _get_daylight 11 API calls 17362->17365 17363->17364 17366 7ff792404f78 _get_daylight 11 API calls 17363->17366 17364->17245 17367 7ff792400eab 17365->17367 17368 7ff792400f60 17366->17368 17369 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17367->17369 17370 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17368->17370 17369->17363 17370->17364 17375 7ff79240ecad 17371->17375 17372 7ff79240ecb2 17373 7ff79240524d 17372->17373 17374 7ff792404f78 _get_daylight 11 API calls 17372->17374 17373->17215 17373->17222 17376 7ff79240ecbc 17374->17376 17375->17372 17375->17373 17378 7ff79240ecfc 17375->17378 17377 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17376->17377 17377->17373 17378->17373 17379 7ff792404f78 _get_daylight 11 API 
calls 17378->17379 17379->17376 17381 7ff7923f8823 __std_exception_destroy 17380->17381 17382 7ff7923f87a1 GetTokenInformation 17380->17382 17384 7ff7923f8836 CloseHandle 17381->17384 17385 7ff7923f883c 17381->17385 17383 7ff7923f87c2 GetLastError 17382->17383 17386 7ff7923f87cd 17382->17386 17383->17381 17383->17386 17384->17385 17385->16512 17386->17381 17387 7ff7923f87e9 GetTokenInformation 17386->17387 17387->17381 17388 7ff7923f880c 17387->17388 17388->17381 17389 7ff7923f8816 ConvertSidToStringSidW 17388->17389 17389->17381 17391 7ff7923fc8c0 17390->17391 17392 7ff7923f2b74 GetCurrentProcessId 17391->17392 17393 7ff7923f26b0 48 API calls 17392->17393 17394 7ff7923f2bc7 17393->17394 17395 7ff792404c48 48 API calls 17394->17395 17396 7ff7923f2c10 MessageBoxW 17395->17396 17397 7ff7923fc5c0 _log10_special 8 API calls 17396->17397 17398 7ff7923f2c40 17397->17398 17398->16523 17400 7ff7923f25e5 17399->17400 17401 7ff792404c48 48 API calls 17400->17401 17402 7ff7923f2604 17401->17402 17402->16537 17448 7ff792408804 17403->17448 17407 7ff7923f81cc 17406->17407 17408 7ff7923f9400 2 API calls 17407->17408 17409 7ff7923f81eb 17408->17409 17410 7ff7923f8206 ExpandEnvironmentStringsW 17409->17410 17411 7ff7923f81f3 17409->17411 17413 7ff7923f822c __std_exception_destroy 17410->17413 17412 7ff7923f2810 49 API calls 17411->17412 17414 7ff7923f81ff __std_exception_destroy 17412->17414 17415 7ff7923f8243 17413->17415 17416 7ff7923f8230 17413->17416 17489 7ff7924115c8 17448->17489 17548 7ff792411340 17489->17548 17696 7ff7923f455a 17695->17696 17697 7ff7923f9400 2 API calls 17696->17697 17698 7ff7923f457f 17697->17698 17699 7ff7923fc5c0 _log10_special 8 API calls 17698->17699 17700 7ff7923f45a7 17699->17700 17700->16564 17703 7ff7923f7e1e 17701->17703 17702 7ff7923f7f42 17705 7ff7923fc5c0 _log10_special 8 API calls 17702->17705 17703->17702 17704 7ff7923f1c80 49 API calls 17703->17704 17708 7ff7923f7ea5 17704->17708 17706 7ff7923f7f73 17705->17706 17706->16564 17707 
7ff7923f1c80 49 API calls 17707->17708 17708->17702 17708->17707 17709 7ff7923f4550 10 API calls 17708->17709 17710 7ff7923f9400 2 API calls 17708->17710 17709->17708 17711 7ff7923f7f13 CreateDirectoryW 17710->17711 17711->17702 17711->17708 17713 7ff7923f1613 17712->17713 17714 7ff7923f1637 17712->17714 17833 7ff7923f1050 17713->17833 17716 7ff7923f45b0 108 API calls 17714->17716 17718 7ff7923f164b 17716->17718 17717 7ff7923f1618 17719 7ff7923f162e 17717->17719 17724 7ff7923f2710 54 API calls 17717->17724 17720 7ff7923f1653 17718->17720 17721 7ff7923f1682 17718->17721 17719->16564 17722 7ff792404f78 _get_daylight 11 API calls 17720->17722 17723 7ff7923f45b0 108 API calls 17721->17723 17725 7ff7923f1658 17722->17725 17726 7ff7923f1696 17723->17726 17724->17719 17727 7ff7923f2910 54 API calls 17725->17727 17728 7ff7923f169e 17726->17728 17729 7ff7923f16b8 17726->17729 17730 7ff7923f1671 17727->17730 17731 7ff7923f2710 54 API calls 17728->17731 17732 7ff792400744 73 API calls 17729->17732 17730->16564 17733 7ff7923f16ae 17731->17733 17734 7ff7923f16cd 17732->17734 17761 7ff7923f717b 17760->17761 17763 7ff7923f7134 17760->17763 17761->16564 17763->17761 17897 7ff792405094 17763->17897 17765 7ff7923f4191 17764->17765 17766 7ff7923f44d0 49 API calls 17765->17766 17767 7ff7923f41cb 17766->17767 17768 7ff7923f44d0 49 API calls 17767->17768 17769 7ff7923f41db 17768->17769 17770 7ff7923f41fd 17769->17770 17771 7ff7923f422c 17769->17771 17928 7ff7923f4100 17770->17928 17773 7ff7923f4100 51 API calls 17771->17773 17774 7ff7923f422a 17773->17774 17775 7ff7923f428c 17774->17775 17776 7ff7923f4257 17774->17776 17809 7ff7923f1c80 49 API calls 17808->17809 17810 7ff7923f4464 17809->17810 17810->16564 17834 7ff7923f45b0 108 API calls 17833->17834 17835 7ff7923f108c 17834->17835 17836 7ff7923f1094 17835->17836 17837 7ff7923f10a9 17835->17837 17838 7ff7923f2710 54 API calls 17836->17838 17839 7ff792400744 73 API calls 17837->17839 17845 7ff7923f10a4 __std_exception_destroy 
17838->17845 17840 7ff7923f10bf 17839->17840 17841 7ff7923f10e6 17840->17841 17842 7ff7923f10c3 17840->17842 17847 7ff7923f1122 17841->17847 17848 7ff7923f10f7 17841->17848 17843 7ff792404f78 _get_daylight 11 API calls 17842->17843 17845->17717 17898 7ff7924050a1 17897->17898 17899 7ff7924050ce 17897->17899 17901 7ff792404f78 _get_daylight 11 API calls 17898->17901 17909 7ff792405058 17898->17909 17900 7ff7924050f1 17899->17900 17903 7ff79240510d 17899->17903 17902 7ff792404f78 _get_daylight 11 API calls 17900->17902 17904 7ff7924050ab 17901->17904 17905 7ff7924050f6 17902->17905 17912 7ff792404fbc 17903->17912 17907 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17904->17907 17910 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17905->17910 17908 7ff7924050b6 17907->17908 17908->17763 17909->17763 17911 7ff792405101 17910->17911 17911->17763 17913 7ff792404fe0 17912->17913 17919 7ff792404fdb 17912->17919 17914 7ff79240b1c0 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17913->17914 17913->17919 17915 7ff792404ffb 17914->17915 17920 7ff79240d9f4 17915->17920 17919->17911 17921 7ff79240da09 17920->17921 17922 7ff79240501e 17920->17922 17921->17922 17929 7ff7923f4126 17928->17929 17930 7ff7924049f4 49 API calls 17929->17930 17992 7ff792405f38 17991->17992 17993 7ff792405f5e 17992->17993 17996 7ff792405f91 17992->17996 17994 7ff792404f78 _get_daylight 11 API calls 17993->17994 17995 7ff792405f63 17994->17995 17997 7ff79240a950 _invalid_parameter_noinfo 37 API calls 17995->17997 17998 7ff792405fa4 17996->17998 17999 7ff792405f97 17996->17999 18001 7ff7923f4606 17997->18001 18010 7ff79240ac98 17998->18010 18002 7ff792404f78 _get_daylight 11 API calls 17999->18002 18001->16600 18002->18001 18023 7ff792410348 EnterCriticalSection 18010->18023 18383 7ff792407968 18382->18383 18386 7ff792407444 18383->18386 18385 7ff792407981 18385->16610 18387 7ff79240745f 18386->18387 18388 7ff79240748e 18386->18388 18389 7ff79240a884 _invalid_parameter_noinfo 37 API calls 

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                  • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                  • API String ID: 3832162212-3165540532
                                                                                                                                                                                                  • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction ID: f761d6855b4006122dfd0801523a005978e54ecb78172726054c9a0d98372b4e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5D17132B08B868AFB20FF34E8552A9B760FF94B58F900239DA5D426A5DFBCD544C750

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                  • API String ID: 2776309574-4232158417
                                                                                                                                                                                                  • Opcode ID: 0252743f8e8efbc05bca8e3c9e3d05a1711d4f7d3973d6974df3e787a06770c6
                                                                                                                                                                                                  • Instruction ID: cad4c9d84a16d0510b78c115e172483db2c58d7f8bc0397502138080ff94a5c3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0252743f8e8efbc05bca8e3c9e3d05a1711d4f7d3973d6974df3e787a06770c6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90327D21B0868291FF39FB31E5562F9A661AF54780FC4407EDA4D432D6EFACE958C360

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415CB5
                                                                                                                                                                                                    • Part of subcall function 00007FF792415608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241561C
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF79240A94F,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240A979
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF79240A94F,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240A99E
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415CA4
                                                                                                                                                                                                    • Part of subcall function 00007FF792415668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F1A
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F2B
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F3C
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79241617C), ref: 00007FF792415F63
                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                                  • Opcode ID: de0088a748143948c8dff42953bdd1322dde3e7f395c0608c34291335c121efd
                                                                                                                                                                                                  • Instruction ID: b9922b56835cb6a47430fa522849bc3314237794634461b00519741de7c02c7a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: de0088a748143948c8dff42953bdd1322dde3e7f395c0608c34291335c121efd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FED19D26F0825246F730FF35D5811B9B661EB64B94FE08136EA0D476A6EEBCE841C760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction ID: 91de4bee65c4e4ab377ce225c3ac602b93da70b0cf6b4bb298668be6855f9851
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28C1CF32B28A4186FB20FF75C4902AC7771EB59B98B914225DE2E5B3E5DF78D851C310

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F841B
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F849E
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84BD
                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84CB
                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84DC
                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                  • API String ID: 1057558799-766152087
                                                                                                                                                                                                  • Opcode ID: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                  • Instruction ID: 3a902363f8afd01ea3b001ca713181755692a99e1408d147a00d54e947469636
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12419D21B0CA4284FE34BB34F5455F9B360FB94790FD0027AE99D42699DFACD90AC760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F1A
                                                                                                                                                                                                    • Part of subcall function 00007FF792415668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F2B
                                                                                                                                                                                                    • Part of subcall function 00007FF792415608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241561C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F3C
                                                                                                                                                                                                    • Part of subcall function 00007FF792415638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241564C
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79241617C), ref: 00007FF792415F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                  • Opcode ID: cf1b1f5475df7cd91730c604fad9269d9b0d46dfb2f1ca5483f6a304fa158aa8
                                                                                                                                                                                                  • Instruction ID: 68d423cc19839c10c0208b90be9acf102398c17d8cf953bea46157956aca606b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf1b1f5475df7cd91730c604fad9269d9b0d46dfb2f1ca5483f6a304fa158aa8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8514E22B0865286F730FF35D9815A9F760BB58784FD08135EA4D476A6DFBCE840CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction ID: 9eeca9273217486f389b198d4be13d1cca8a87e857ec1ba740330f7a1a66c995
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4F06822A1874286FB71FB70B4497A6B350AB84764F94033DD96D026D4DF7CD449CA10

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F7F80: _fread_nolock.LIBCMT ref: 00007FF7923F802A
                                                                                                                                                                                                  • _fread_nolock.LIBCMT ref: 00007FF7923F1A1B
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7923F1B6A), ref: 00007FF7923F295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2397952137-3497178890
                                                                                                                                                                                                  • Opcode ID: 64dfe99b843311b9e9f4c51c103450dd67577e3ce81869b4a86e38f648537287
                                                                                                                                                                                                  • Instruction ID: 42c7aa2e9e166cac6e00646cc9e6b8b7e5f444ad347d056e4c50bfa6b169c230
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64dfe99b843311b9e9f4c51c103450dd67577e3ce81869b4a86e38f648537287
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D818E71A0868285FB30FB34F0416F9A3A0AB48784FD44479E98D477A6DEBCE985C760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-1550345328
                                                                                                                                                                                                  • Opcode ID: 0b98e2cb60322b89481f1feebb84d2c3c9bfa2c16b8bcb19b44085f05b08a1dd
                                                                                                                                                                                                  • Instruction ID: 1bf55ee2efe303772ea2934db6b22443ad5ebd12f707e9169b80c42449e2276e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b98e2cb60322b89481f1feebb84d2c3c9bfa2c16b8bcb19b44085f05b08a1dd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B518C61B0864282FA30FB32B4015F9A360BF44B94FD44139EE4D077A6DEBCE959C760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF7923F3CBB), ref: 00007FF7923F88F4
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7923F3CBB), ref: 00007FF7923F88FA
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7923F3CBB), ref: 00007FF7923F893C
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8A20: GetEnvironmentVariableW.KERNEL32(00007FF7923F388E), ref: 00007FF7923F8A57
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7923F8A79
                                                                                                                                                                                                    • Part of subcall function 00007FF7924082A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7924082C1
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2810: MessageBoxW.USER32 ref: 00007FF7923F28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                  • API String ID: 3563477958-1339014028
                                                                                                                                                                                                  • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction ID: cf0242bf01c4a64fb13dfa461c3fdd7c2f6c932fa38a730ef4c3aa32dd2d976b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01419411B1964285FE34FB31B9562FAA2A0AF99780FC04139DD0D477E6DEBCD945C3A0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-2813020118
                                                                                                                                                                                                  • Opcode ID: fa554af3ce144c50152e31c7fab49a5354931791c52d03683738cd996ec1360a
                                                                                                                                                                                                  • Instruction ID: 52bfe7fd879dee121be2168258123802a617ce2867db5ccbc202b48cdbf5904b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa554af3ce144c50152e31c7fab49a5354931791c52d03683738cd996ec1360a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C51C322B0864285FA71BB31B4013FAA2A1AF85794FD44139ED8D477D6EEBCE945C710

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF79240F11A,?,?,-00000018,00007FF79240ADC3,?,?,?,00007FF79240ACBA,?,?,?,00007FF792405FAE), ref: 00007FF79240EEFC
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF79240F11A,?,?,-00000018,00007FF79240ADC3,?,?,?,00007FF79240ACBA,?,?,?,00007FF792405FAE), ref: 00007FF79240EF08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                  • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction ID: 862dc3a609f027374394eddf39368bb526ff0cb6c1891ba14bd9572b4251ed44
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B411321B1961641FB35FB36A804575B2A1BF48B90FC84139DD1D477A4EEBCEC95C360

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF7923F3804), ref: 00007FF7923F36E1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F3804), ref: 00007FF7923F36EB
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2C9E
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2D63
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: MessageBoxW.USER32 ref: 00007FF7923F2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                  • API String ID: 3187769757-2863816727
                                                                                                                                                                                                  • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction ID: afef9430ebe2df5e0e765e1b80dcbacc5ac31cff2f166623e01158535c915c12
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC215E61B1868281FE30FB31F8423F6A250BF58354FC0013ED55D825E6EEACE909C720

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 69ae0c268f332f734f1ddde8e7e9e20c4ec65aef4459b41292c68196891347d6
                                                                                                                                                                                                  • Instruction ID: 5533235454ba8e2a2d4382df78540e05314d0abc64e5fa8b9afa1d483bbb4083
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69ae0c268f332f734f1ddde8e7e9e20c4ec65aef4459b41292c68196891347d6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73C19122A4C68682F770BB3594402BDF674EB81B80F954135EA4E077B1DEBCEC95C764

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                  • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction ID: d9d656dacd7a2c9f6938a29e844163da49a434c1d1bb1d92a986991bc139a949
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA217521B0CA4241FB24BB75F55127AE7A0FB857A4F900239E66D436E5DEACD844C750

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetCurrentProcess.KERNEL32 ref: 00007FF7923F8780
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: OpenProcessToken.ADVAPI32 ref: 00007FF7923F8793
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetTokenInformation.KERNELBASE ref: 00007FF7923F87B8
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetLastError.KERNEL32 ref: 00007FF7923F87C2
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetTokenInformation.KERNELBASE ref: 00007FF7923F8802
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7923F881E
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: CloseHandle.KERNEL32 ref: 00007FF7923F8836
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF7923F3C55), ref: 00007FF7923F916C
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF7923F3C55), ref: 00007FF7923F9175
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7923F352C,?,00000000,00007FF7923F3F23), ref: 00007FF7923F7F22
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79240CFBB), ref: 00007FF79240D0EC
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79240CFBB), ref: 00007FF79240D177
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7924058A9), ref: 00007FF7924059C7
                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7924058A9), ref: 00007FF7924059DD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF79240AA45,?,?,00000000,00007FF79240AAFA), ref: 00007FF79240AC36
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF79240AA45,?,?,00000000,00007FF79240AAFA), ref: 00007FF79240AC40
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction ID: 86afa791a80d5c65f05655caadce01222a81725d14c625ea4fcb53e2360fb772
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7219221B5C65242FBB0B771955027DA2A29F84BD0F894235DB1E473E6CEECACC5C361
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                  • Instruction ID: d3489ae3514f2f73695ed711c9ae88b54ab797d566ed4cd1813cafad38944ee4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541973294820187FB34FB75E54017DB774EB55B44F900131DA8A876A1CFADE882CB61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                  • Opcode ID: 1f3d7c6a7875eddaae2cdaf9b9c8ff977794c74e0a40744429d40cafabededa6
                                                                                                                                                                                                  • Instruction ID: f35ed1211ea16467e40df9eaed97b3be69d8752ed3ac03d211436f5a33fc2145
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f3d7c6a7875eddaae2cdaf9b9c8ff977794c74e0a40744429d40cafabededa6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E121D221B0865255FE24BA3276013FAD651BF45BC4FCC1638EE0D07B86CEBDE482C290
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                  • Instruction ID: ce5a7b59f2e6b35efb62db27a3e8f344f1b83a47eb45e7da7f4874a603183f0a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD317E21A5864286F7617B76984137DA670AB40BA4FC10135EA6D033F2DFFCAC85CB75
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                  • Instruction ID: 1de30d386a2628b840859952d9ac206bae16e698cf302d56e8e4aababff9bbe2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1217C32A047828AFB24AF75C4442EC77B0EB44B18F940639D62D06EE5DFB8D984CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                  • Instruction ID: 4efa0dd4da3d9c628c22f9344f336d9ce91cb9ccdb34cd41a0576f69c2b986ea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75112C22A5864181FB70BF61940067EE274FF45B80F854031EB4E57AA6DFBDDD80C760
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                  • Instruction ID: 119f5df2c7e853b80c5abd1f6c1d5f04d89ea57382f3b96a5a152d483c74e988
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D21A17271864186E770FF28D440379B6A0AB94B94FA44234E69D8B6EADFBCD800CB10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction ID: 5d105b4cd94e5dd8f254cd62e86d83645646281f8296ff2ab62ea79a86631ab1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6001A521A4874140FB24FF729901169E6A1BF85FE0F985631DE5C17BE6DEBCD881C314
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalDeleteSection
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 166494926-0
                                                                                                                                                                                                  • Opcode ID: 889cbff431e411462c7684e1f894575b3325a4708cc3fe5ea587508d50f71c4e
                                                                                                                                                                                                  • Instruction ID: 7511490462f328c4d7e22cf3b251f94fcfafba1adc55ac3b8f788e6a1448e22e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 889cbff431e411462c7684e1f894575b3325a4708cc3fe5ea587508d50f71c4e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F09855E5890682FB24FB75E996278A2A0AF98795F801131C90D46272DEECACD4C321
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF79240B39A,?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA), ref: 00007FF79240EC5D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                  • Instruction ID: 21946635bf3d193a91b18571c503e9e370163d3fcf91308827e19a5b8803969a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21F04F50B8D20680FF767A7165553B5A2A05F84B80FDC4430C90E462F2DD9DACE0C230
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF792400D00,?,?,?,00007FF79240236A,?,?,?,?,?,00007FF792403B59), ref: 00007FF79240D6AA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction ID: 873f83a03d64d7ea6d270d2a2836dd28daec0b9b1026309f3feaa458828eeef4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57F03410B8934684FF74B7B1591167892A09F94FA0F880A30DC2E852E2DEACACC4C630
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5830
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5842
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5879
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F588B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58A4
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58B6
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58CF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58E1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58FD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F590F
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F592B
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F593D
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5959
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F596B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5987
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5999
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F59B5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F59C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                  • API String ID: 199729137-653951865
                                                                                                                                                                                                  • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction ID: dc9a3d2920fc2324e18cebe888cca7e9e06e64a0fd30e45e3336abc934e0cc1d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D22B424B4DB0795FA35FB75B8916B4B3A0BF24781BE45039C81E02675EFFCA948C261
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                  • API String ID: 808467561-2761157908
                                                                                                                                                                                                  • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction ID: 0f898698803440b3c090a32bcc7aa4a70d221ab3f4d7abd9a908815a7b97d6c8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85B2F472B182824AF734EF74D4407F9B7A1FB65388FA01135DA0D57A96DBB8AD04CB90
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                  • API String ID: 0-2665694366
                                                                                                                                                                                                  • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction ID: c3fb92e3e6fcb2e15465252e1c5df223ea293e2e4ec358b07649fa0c9f7401cd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A520872A146A687FB64AF24E459BBE7BEAFB44340F41413DE64A87780DB7CD844CB10
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction ID: 2ff3c79e5fc833d2bf7d14806b3c5517697a6cc409d7fa690dd97a4e19483e4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70312E72608A8589FB74EF60E8843EEB360FB94704F544039DA4E47BA5EF78D548C720
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction ID: 94889c00c258633559a5df360cae9942e596f143b9cc1883421094ae8b61836c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA317F32618F8186EB60EB35E8442AEB3A4FB88754F940135EA8D47B65EF7CD549CB10
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  • Opcode ID: c3e1fc27821975bae5235a85e14025a9903763a7ee98e7b3f9cf4a52583c5e2a
                                                                                                                                                                                                  • Instruction ID: 0e90de1b4e3e3f4caa6767b5f151e1b81ea6e8a03fb43bf10d9b6577dc5cfbac
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3e1fc27821975bae5235a85e14025a9903763a7ee98e7b3f9cf4a52583c5e2a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41B19222B1869241FB71FB7595005B9F361EB64BE4FA44131EA5D07BE6EEBCE841C320
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction ID: 12da6a712c69c68438df9662f7c15716ba36000a6aa6559201138beefc545c9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D118C22B14B058AFB10EB70E8442A873A4FB18758F840E30DE2D467A4DFBCE459C350
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                  • API String ID: 0-1127688429
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                  • API String ID: 0-227171996
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                  • API String ID: 0-900081337
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1010374628-0
                                                                                                                                                                                                  • Opcode ID: c84a74d765ef00c6a253983623dae3641fe82c8a4f3127282b638c919d32748e
                                                                                                                                                                                                  • Instruction ID: ee0f75fa89b28df6fea992d21a4d7451a847a174974b2ca1326f38133d8219ea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84a74d765ef00c6a253983623dae3641fe82c8a4f3127282b638c919d32748e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F102AA21B1E65240FB75FB31A501279B694AF25BA0FE59634DE5D463F2DEBCAC40C320
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                                                  • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                  • Instruction ID: 098457355f8cb43a2b378de3c07128255a255f2b8261eba0a17ff854b6923ee4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFA14562A0C78586FB31FF39A8007A9BBA0EB65784F448031DE8D477A5DEBDD949C710
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: TMP
                                                                                                                                                                                                  • API String ID: 3215553584-3125297090
                                                                                                                                                                                                  • Opcode ID: c5c48554d9fb4b268e8cd657ba607fbe88563ea2f2db1d1d893087c6d1e55286
                                                                                                                                                                                                  • Instruction ID: 461aec8dfa65c42221960a01498b7895b244520e968cd8e92be253297d4beab9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5c48554d9fb4b268e8cd657ba607fbe88563ea2f2db1d1d893087c6d1e55286
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D451A112F5A25241FB74BB365A0117AE2A06F54BC4FD84434DE0D477B2EEBCEC85C2A6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                  • Instruction ID: 19a3f9942c91fb63c93d8e43cca768d81f043ef04e19dbdab63b7d79070c0f6d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79B09220F0BA42C6FA187B316C8621862A47F58701FE80138C40C48331DEAC28E99B20
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction ID: eb2065ad3dfe6f37eda4458b2440d59e85b6d5ee6fe4be74d05c4298f6cb3635
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCD1D866A4864285FB38BE35805023DAFB0EB45B48F944235CE0D277A5DFBDEC85CB60
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction ID: 54c1c71dd679c0c5002f62957bb836da8bc996addf1471eacd517a94092b622d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15C19E762181E08BE299EA29E8694BA73D1F78930DBD5406FEF87476C5C63CA414DB20
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction ID: b0525dc551f36054688a2e8ae2a0d1fe77b39510c7f15c8689c0d5c82fb4b104
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEB16C7294869685F775FF39805022CBBB0EB49B88FA40136CB4E473A5CFA9D881D764
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction ID: 6ef2b89cd11dfe196d511cac7ba935eb04d017780c446c15b2ac05a8aa65fc27
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E61E622F0C29246F734FA38945463DF591AF60B60FA54239DB5D4A6E6DEEDEC40C720
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                  • Instruction ID: 7d671491961b3f3a3f0fdc43428f96469b1ae5d57b918718d41d7376103dd1c6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F518436A5865182F734AB39C040329B3B0EB46B58FA44131DA4D177B4DBBAEC83CB60
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                  • Instruction ID: 45b3d4aca3bbde89f13a7c4e0b0970625bd60262661b9faba105a7a0ccf3bb51
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D516E36A5865282F774EB79C044229A3B0EB58B68F645135CE4D0B7E4CBBAEC83C750
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                  • Instruction ID: 51e9f2b340187f6abe45b7f2cb9812b3707ec94d843fb6d4784ab3be28971043
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB516336A5865286F734AB39D04023CB7B0EB46B58F644231DE4D177B4CBBAEC82C790
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                  • Instruction ID: 1e892c475d22410a7650661b4e06e151f9c8a6c6cf5a6d6d28011c3035c2437d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55518F36A58A5186F734AB39C044238B7B1EB86B58FA44131CE4D577B4CBBAEC83D750
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                  • API String ID: 199729137-3427451314
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7923F45E4,00000000,00007FF7923F1985), ref: 00007FF7923F9439
                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7923F88A7,?,?,00000000,00007FF7923F3CBB), ref: 00007FF7923F821C
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2810: MessageBoxW.USER32 ref: 00007FF7923F28EA
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                  • API String ID: 1662231829-930877121
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                  • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                  • API String ID: 3975851968-2863640275
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2C9E
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2D63
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF7923F2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 3940978338-251083826
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDBD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDCB
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDF5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDE63
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDE6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                  • API String ID: 2050909247-2434346643
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7923F351A,?,00000000,00007FF7923F3F23), ref: 00007FF7923F2AA0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-2900015858
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7923F9216), ref: 00007FF7923F8592
                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F85E9
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7923F45E4,00000000,00007FF7923F1985), ref: 00007FF7923F9439
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F8678
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F86E4
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F86F5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F870A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3462794448-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B347
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B37D
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3AA
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3BB
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3CC
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3E7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7923F1B6A), ref: 00007FF7923F295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 2050909247-2962405886
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7923F918F,?,00007FF7923F3C55), ref: 00007FF7923F2BA0
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF7923F2C2A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentMessageProcess
                                                                                                                                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 1672936522-3797743490
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7923F1B99), ref: 00007FF7923F2760
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-1591803126
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B41F
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B43E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B466
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B477
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B488
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 2030045667-255084403
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7924090B6
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7923FCC15), ref: 00007FF7924090D4
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                  • API String ID: 3580290477-4135087033
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction ID: 5014891180b3adb7d425c407ffd7aad5868a9356d80c1d08df41045b639a7b53
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78418222B58A4585EB20FF35E4443A9B760FB98794F944035EE4D877A8EF7CD841C750
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                  • Opcode ID: 053b104ec6927afe595ee0362c94858496bd403d90664f218f5b6d2e85fce939
                                                                                                                                                                                                  • Instruction ID: 9f970fe717d7697a5d87db196b971452a75ed56625f1886c783567fbd4e74eda
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 053b104ec6927afe595ee0362c94858496bd403d90664f218f5b6d2e85fce939
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC21B122B0828182FB30FB21D04426DB3B1FB84B44FD64435DA8D436A5DFBCED86CA60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction ID: 2c3b3c5194baa763e0d7a3768b513d13a82a9026f11fa922f38900a73c8e9ae3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84115132608B8182FB20AF25F440259B7E0FB98B84F584239DE8D077A9EF7CC551C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2320133289.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320098334.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320176639.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320281234.00007FF792432000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2320485854.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                  • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction ID: f1603c6e6f742e3488ee968fb40b911afd97e492c17d6641f8a8d71072d5f696
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB017122B1D60285F730FF70A46627EB2A0EF58744FD01435D95D426A2DFACE944CA24

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:2.1%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:3.8%
                                                                                                                                                                                                  Total number of Nodes:841
                                                                                                                                                                                                  Total number of Limit Nodes:66
_get_daylight 53133->53135 53135->53131 53136->52801 53156 7ff7923fc8c0 53137->53156 53140 7ff7923f23e5 __scrt_get_show_window_mode 53158 7ff7923f25c0 53140->53158 53142 7ff7923f242b __scrt_get_show_window_mode 53162 7ff7924079dc 53142->53162 53145 7ff7924079dc 37 API calls 53146 7ff7923f245e 53145->53146 53147 7ff7924079dc 37 API calls 53146->53147 53148 7ff7923f246b DialogBoxIndirectParamW 53147->53148 53149 7ff7923f24a1 __std_exception_destroy 53148->53149 53150 7ff7923f24c1 DeleteObject 53149->53150 53151 7ff7923f24c7 53149->53151 53150->53151 53152 7ff7923f24d3 DestroyIcon 53151->53152 53153 7ff7923f24d9 53151->53153 53152->53153 53154 7ff7923fc5c0 _log10_special 8 API calls 53153->53154 53155 7ff7923f24ea 53154->53155 53155->52813 53157 7ff7923f23a9 GetModuleHandleW 53156->53157 53157->53140 53159 7ff7923f25e5 53158->53159 53169 7ff792404c48 53159->53169 53163 7ff7923f2451 53162->53163 53164 7ff7924079fa 53162->53164 53163->53145 53164->53163 53189 7ff7924104e4 37 API calls 2 library calls 53164->53189 53166 7ff792407a29 53166->53163 53167 7ff79240a970 _isindst 17 API calls 53166->53167 53168 7ff792407a5d 53167->53168 53170 7ff792404ca2 53169->53170 53171 7ff792404cc7 53170->53171 53173 7ff792404d03 53170->53173 53187 7ff79240a884 37 API calls 2 library calls 53171->53187 53188 7ff792403000 48 API calls _invalid_parameter_noinfo 53173->53188 53175 7ff792404cf1 53177 7ff7923fc5c0 _log10_special 8 API calls 53175->53177 53176 7ff792404de4 53178 7ff79240a9b8 __free_lconv_num 11 API calls 53176->53178 53179 7ff7923f2604 53177->53179 53178->53175 53179->53142 53180 7ff792404d9e 53180->53176 53181 7ff792404e0a 53180->53181 53182 7ff792404db9 53180->53182 53185 7ff792404db0 53180->53185 53181->53176 53183 7ff792404e14 53181->53183 53184 7ff79240a9b8 __free_lconv_num 11 API calls 53182->53184 53186 7ff79240a9b8 __free_lconv_num 11 API calls 53183->53186 53184->53175 53185->53176 53185->53182 53186->53175 53187->53175 53188->53180 53189->53166 53190 7ff7923f20c0 53191 
7ff7923f20d5 53190->53191 53192 7ff7923f213b GetWindowLongPtrW 53190->53192 53195 7ff7923f210a SetWindowLongPtrW 53191->53195 53199 7ff7923f20e2 53191->53199 53200 7ff7923f2180 GetDC 53192->53200 53198 7ff7923f2124 53195->53198 53196 7ff7923f20f4 EndDialog 53197 7ff7923f20fa 53196->53197 53199->53196 53199->53197 53201 7ff7923f224d 53200->53201 53202 7ff7923f21bd 53200->53202 53203 7ff7923f2252 MoveWindow MoveWindow MoveWindow MoveWindow 53201->53203 53204 7ff7923f21ef SelectObject 53202->53204 53205 7ff7923f21fb DrawTextW 53202->53205 53206 7ff7923fc5c0 _log10_special 8 API calls 53203->53206 53204->53205 53207 7ff7923f2225 SelectObject 53205->53207 53208 7ff7923f2231 ReleaseDC 53205->53208 53209 7ff7923f2158 InvalidateRect 53206->53209 53207->53208 53208->53203 53209->53197 53210 7ff7923fccac 53231 7ff7923fce7c 53210->53231 53213 7ff7923fcdf8 53380 7ff7923fd19c 7 API calls 2 library calls 53213->53380 53214 7ff7923fccc8 __scrt_acquire_startup_lock 53216 7ff7923fce02 53214->53216 53221 7ff7923fcce6 __scrt_release_startup_lock 53214->53221 53381 7ff7923fd19c 7 API calls 2 library calls 53216->53381 53218 7ff7923fcd0b 53219 7ff7923fce0d __CxxCallCatchBlock 53220 7ff7923fcd91 53237 7ff7923fd2e4 53220->53237 53221->53218 53221->53220 53377 7ff792409b9c 45 API calls 53221->53377 53223 7ff7923fcd96 53240 7ff7923f1000 53223->53240 53228 7ff7923fcdb9 53228->53219 53379 7ff7923fd000 7 API calls 53228->53379 53230 7ff7923fcdd0 53230->53218 53232 7ff7923fce84 53231->53232 53233 7ff7923fce90 __scrt_dllmain_crt_thread_attach 53232->53233 53234 7ff7923fce9d 53233->53234 53236 7ff7923fccc0 53233->53236 53234->53236 53382 7ff7923fd8f8 7 API calls 2 library calls 53234->53382 53236->53213 53236->53214 53383 7ff79241a540 53237->53383 53239 7ff7923fd2fb GetStartupInfoW 53239->53223 53241 7ff7923f1009 53240->53241 53385 7ff7924054f4 53241->53385 53243 7ff7923f37fb 53392 7ff7923f36b0 53243->53392 53248 7ff7923fc5c0 _log10_special 8 API calls 53251 7ff7923f3ca7 53248->53251 53249 
7ff7923f391b 53253 7ff7923f45b0 108 API calls 53249->53253 53250 7ff7923f383c 53252 7ff7923f1c80 49 API calls 53250->53252 53378 7ff7923fd328 GetModuleHandleW 53251->53378 53254 7ff7923f385b 53252->53254 53255 7ff7923f392b 53253->53255 53464 7ff7923f8a20 53254->53464 53257 7ff7923f396a 53255->53257 53491 7ff7923f7f80 53255->53491 53500 7ff7923f2710 54 API calls _log10_special 53257->53500 53260 7ff7923f388e 53267 7ff7923f38bb __std_exception_destroy 53260->53267 53490 7ff7923f8b90 40 API calls __std_exception_destroy 53260->53490 53261 7ff7923f395d 53262 7ff7923f3984 53261->53262 53263 7ff7923f3962 53261->53263 53265 7ff7923f1c80 49 API calls 53262->53265 53264 7ff7924000bc 74 API calls 53263->53264 53264->53257 53268 7ff7923f39a3 53265->53268 53269 7ff7923f8a20 14 API calls 53267->53269 53276 7ff7923f38de __std_exception_destroy 53267->53276 53273 7ff7923f1950 115 API calls 53268->53273 53269->53276 53271 7ff7923f3a0b 53503 7ff7923f8b90 40 API calls __std_exception_destroy 53271->53503 53275 7ff7923f39ce 53273->53275 53274 7ff7923f3a17 53504 7ff7923f8b90 40 API calls __std_exception_destroy 53274->53504 53275->53254 53278 7ff7923f39de 53275->53278 53282 7ff7923f390e __std_exception_destroy 53276->53282 53502 7ff7923f8b30 40 API calls __std_exception_destroy 53276->53502 53501 7ff7923f2710 54 API calls _log10_special 53278->53501 53279 7ff7923f3a23 53505 7ff7923f8b90 40 API calls __std_exception_destroy 53279->53505 53283 7ff7923f8a20 14 API calls 53282->53283 53284 7ff7923f3a3b 53283->53284 53285 7ff7923f3b2f 53284->53285 53286 7ff7923f3a60 __std_exception_destroy 53284->53286 53507 7ff7923f2710 54 API calls _log10_special 53285->53507 53300 7ff7923f3aab 53286->53300 53506 7ff7923f8b30 40 API calls __std_exception_destroy 53286->53506 53288 7ff7923f3808 __std_exception_destroy 53288->53248 53290 7ff7923f8a20 14 API calls 53291 7ff7923f3bf4 __std_exception_destroy 53290->53291 53292 7ff7923f3c46 53291->53292 53293 7ff7923f3d41 53291->53293 53294 7ff7923f3cd4 
53292->53294 53295 7ff7923f3c50 53292->53295 53512 7ff7923f44d0 49 API calls 53293->53512 53298 7ff7923f8a20 14 API calls 53294->53298 53508 7ff7923f90e0 59 API calls _log10_special 53295->53508 53302 7ff7923f3ce0 53298->53302 53299 7ff7923f3d4f 53303 7ff7923f3d65 53299->53303 53304 7ff7923f3d71 53299->53304 53300->53290 53301 7ff7923f3c55 53305 7ff7923f3cb3 53301->53305 53306 7ff7923f3c61 53301->53306 53302->53306 53310 7ff7923f3ced 53302->53310 53513 7ff7923f4620 53303->53513 53308 7ff7923f1c80 49 API calls 53304->53308 53510 7ff7923f8850 86 API calls 2 library calls 53305->53510 53509 7ff7923f2710 54 API calls _log10_special 53306->53509 53321 7ff7923f3d2b __std_exception_destroy 53308->53321 53313 7ff7923f1c80 49 API calls 53310->53313 53311 7ff7923f3cbb 53316 7ff7923f3cbf 53311->53316 53317 7ff7923f3cc8 53311->53317 53318 7ff7923f3d0b 53313->53318 53314 7ff7923f3dc4 53315 7ff7923f9400 2 API calls 53314->53315 53319 7ff7923f3dd7 SetDllDirectoryW 53315->53319 53316->53306 53317->53321 53320 7ff7923f3d12 53318->53320 53318->53321 53325 7ff7923f3e0a 53319->53325 53369 7ff7923f3e5a 53319->53369 53511 7ff7923f2710 54 API calls _log10_special 53320->53511 53321->53314 53322 7ff7923f3da7 SetDllDirectoryW LoadLibraryExW 53321->53322 53322->53314 53327 7ff7923f8a20 14 API calls 53325->53327 53326 7ff7923f3ffc 53329 7ff7923f4006 PostMessageW GetMessageW 53326->53329 53330 7ff7923f4029 53326->53330 53335 7ff7923f3e16 __std_exception_destroy 53327->53335 53328 7ff7923f3f1b 53524 7ff7923f33c0 121 API calls 2 library calls 53328->53524 53329->53330 53477 7ff7923f3360 53330->53477 53332 7ff7923f3f23 53332->53288 53333 7ff7923f3f2b 53332->53333 53525 7ff7923f90c0 LocalFree 53333->53525 53338 7ff7923f3ef2 53335->53338 53339 7ff7923f3e4e 53335->53339 53523 7ff7923f8b30 40 API calls __std_exception_destroy 53338->53523 53339->53369 53516 7ff7923f6db0 54 API calls _get_daylight 53339->53516 53350 7ff7923f404f 53351 7ff7923f3e6c 53517 7ff7923f7330 117 API calls 2 library calls 
53351->53517 53355 7ff7923f3e81 53358 7ff7923f3ea2 53355->53358 53370 7ff7923f3e85 53355->53370 53518 7ff7923f6df0 120 API calls _log10_special 53355->53518 53358->53370 53519 7ff7923f71a0 125 API calls 53358->53519 53362 7ff7923f3eb7 53362->53370 53520 7ff7923f74e0 55 API calls 53362->53520 53364 7ff7923f3ee0 53522 7ff7923f6fb0 FreeLibrary 53364->53522 53369->53326 53369->53328 53370->53369 53521 7ff7923f2a50 54 API calls _log10_special 53370->53521 53377->53220 53378->53228 53379->53230 53380->53216 53381->53219 53382->53236 53384 7ff79241a530 53383->53384 53384->53239 53384->53384 53386 7ff79240f4f0 53385->53386 53387 7ff79240f543 53386->53387 53389 7ff79240f596 53386->53389 53527 7ff79240a884 37 API calls 2 library calls 53387->53527 53528 7ff79240f3c8 71 API calls _fread_nolock 53389->53528 53391 7ff79240f56c 53391->53243 53393 7ff7923fc8c0 53392->53393 53394 7ff7923f36bc GetModuleFileNameW 53393->53394 53395 7ff7923f3710 53394->53395 53396 7ff7923f36eb GetLastError 53394->53396 53529 7ff7923f92f0 FindFirstFileExW 53395->53529 53534 7ff7923f2c50 51 API calls _log10_special 53396->53534 53399 7ff7923f3706 53404 7ff7923fc5c0 _log10_special 8 API calls 53399->53404 53401 7ff7923f3723 53535 7ff7923f9370 CreateFileW GetFinalPathNameByHandleW CloseHandle 53401->53535 53402 7ff7923f377d 53537 7ff7923f94b0 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 53402->53537 53407 7ff7923f37b5 53404->53407 53406 7ff7923f378b 53406->53399 53538 7ff7923f2810 49 API calls _log10_special 53406->53538 53407->53288 53414 7ff7923f1950 53407->53414 53408 7ff7923f3730 53409 7ff7923f3734 53408->53409 53410 7ff7923f374c __vcrt_InitializeCriticalSectionEx 53408->53410 53536 7ff7923f2810 49 API calls _log10_special 53409->53536 53410->53402 53413 7ff7923f3745 53413->53399 53415 7ff7923f45b0 108 API calls 53414->53415 53416 7ff7923f1985 53415->53416 53417 7ff7923f1c43 53416->53417 53418 7ff7923f7f80 83 API calls 53416->53418 53419 7ff7923fc5c0 _log10_special 8 API calls 
53417->53419 53420 7ff7923f19cb 53418->53420 53421 7ff7923f1c5e 53419->53421 53422 7ff792400744 73 API calls 53420->53422 53463 7ff7923f1a03 53420->53463 53421->53249 53421->53250 53424 7ff7923f19e5 53422->53424 53423 7ff7924000bc 74 API calls 53423->53417 53425 7ff7923f19e9 53424->53425 53426 7ff7923f1a08 53424->53426 53539 7ff792404f78 11 API calls _get_daylight 53425->53539 53428 7ff79240040c _fread_nolock 53 API calls 53426->53428 53430 7ff7923f1a20 53428->53430 53429 7ff7923f19ee 53540 7ff7923f2910 54 API calls _log10_special 53429->53540 53432 7ff7923f1a45 53430->53432 53433 7ff7923f1a26 53430->53433 53437 7ff7923f1a7b 53432->53437 53438 7ff7923f1a5c 53432->53438 53541 7ff792404f78 11 API calls _get_daylight 53433->53541 53435 7ff7923f1a2b 53542 7ff7923f2910 54 API calls _log10_special 53435->53542 53440 7ff7923f1c80 49 API calls 53437->53440 53543 7ff792404f78 11 API calls _get_daylight 53438->53543 53442 7ff7923f1a92 53440->53442 53441 7ff7923f1a61 53544 7ff7923f2910 54 API calls _log10_special 53441->53544 53444 7ff7923f1c80 49 API calls 53442->53444 53445 7ff7923f1add 53444->53445 53446 7ff792400744 73 API calls 53445->53446 53447 7ff7923f1b01 53446->53447 53448 7ff7923f1b35 53447->53448 53449 7ff7923f1b16 53447->53449 53451 7ff79240040c _fread_nolock 53 API calls 53448->53451 53545 7ff792404f78 11 API calls _get_daylight 53449->53545 53453 7ff7923f1b4a 53451->53453 53452 7ff7923f1b1b 53546 7ff7923f2910 54 API calls _log10_special 53452->53546 53455 7ff7923f1b6f 53453->53455 53456 7ff7923f1b50 53453->53456 53549 7ff792400180 37 API calls 2 library calls 53455->53549 53547 7ff792404f78 11 API calls _get_daylight 53456->53547 53459 7ff7923f1b89 53459->53463 53550 7ff7923f2710 54 API calls _log10_special 53459->53550 53460 7ff7923f1b55 53548 7ff7923f2910 54 API calls _log10_special 53460->53548 53463->53423 53465 7ff7923f8a2a 53464->53465 53466 7ff7923f9400 2 API calls 53465->53466 53467 7ff7923f8a49 GetEnvironmentVariableW 53466->53467 53468 7ff7923f8a66 
ExpandEnvironmentStringsW 53467->53468 53469 7ff7923f8ab2 53467->53469 53468->53469 53470 7ff7923f8a88 53468->53470 53471 7ff7923fc5c0 _log10_special 8 API calls 53469->53471 53551 7ff7923f94b0 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 53470->53551 53473 7ff7923f8ac4 53471->53473 53473->53260 53474 7ff7923f8a9a 53475 7ff7923fc5c0 _log10_special 8 API calls 53474->53475 53476 7ff7923f8aaa 53475->53476 53476->53260 53552 7ff7923f6350 53477->53552 53481 7ff7923f3381 53485 7ff7923f3399 53481->53485 53620 7ff7923f6040 53481->53620 53483 7ff7923f338d 53483->53485 53629 7ff7923f61d0 54 API calls 53483->53629 53486 7ff7923f3670 53485->53486 53487 7ff7923f367e 53486->53487 53488 7ff7923f368f 53487->53488 53683 7ff7923f9050 FreeLibrary 53487->53683 53526 7ff7923f6fb0 FreeLibrary 53488->53526 53490->53267 53492 7ff7923f7fa4 53491->53492 53493 7ff792400744 73 API calls 53492->53493 53498 7ff7923f807b __std_exception_destroy 53492->53498 53494 7ff7923f7fc0 53493->53494 53494->53498 53684 7ff792407938 53494->53684 53496 7ff792400744 73 API calls 53499 7ff7923f7fd5 53496->53499 53497 7ff79240040c _fread_nolock 53 API calls 53497->53499 53498->53261 53499->53496 53499->53497 53499->53498 53500->53288 53501->53288 53502->53271 53503->53274 53504->53279 53505->53282 53506->53300 53507->53288 53508->53301 53509->53288 53510->53311 53511->53288 53512->53299 53514 7ff7923f1c80 49 API calls 53513->53514 53515 7ff7923f4650 53514->53515 53515->53321 53516->53351 53517->53355 53518->53358 53519->53362 53520->53370 53521->53364 53522->53369 53523->53369 53524->53332 53526->53350 53527->53391 53528->53391 53530 7ff7923f9342 53529->53530 53531 7ff7923f932f FindClose 53529->53531 53532 7ff7923fc5c0 _log10_special 8 API calls 53530->53532 53531->53530 53533 7ff7923f371a 53532->53533 53533->53401 53533->53402 53534->53399 53535->53408 53536->53413 53537->53406 53538->53399 53539->53429 53540->53463 53541->53435 53542->53463 53543->53441 53544->53463 53545->53452 
53546->53463 53547->53460 53548->53463 53549->53459 53550->53463 53551->53474 53553 7ff7923f6365 53552->53553 53554 7ff7923f1c80 49 API calls 53553->53554 53555 7ff7923f63a1 53554->53555 53556 7ff7923f63cd 53555->53556 53557 7ff7923f63aa 53555->53557 53559 7ff7923f4620 49 API calls 53556->53559 53640 7ff7923f2710 54 API calls _log10_special 53557->53640 53561 7ff7923f63e5 53559->53561 53560 7ff7923f63c3 53564 7ff7923fc5c0 _log10_special 8 API calls 53560->53564 53562 7ff7923f6403 53561->53562 53641 7ff7923f2710 54 API calls _log10_special 53561->53641 53630 7ff7923f4550 53562->53630 53567 7ff7923f336e 53564->53567 53567->53485 53583 7ff7923f64f0 53567->53583 53568 7ff7923f641b 53570 7ff7923f4620 49 API calls 53568->53570 53571 7ff7923f6434 53570->53571 53572 7ff7923f6459 53571->53572 53573 7ff7923f6439 53571->53573 53575 7ff7923f9070 3 API calls 53572->53575 53642 7ff7923f2710 54 API calls _log10_special 53573->53642 53576 7ff7923f6466 53575->53576 53577 7ff7923f64b1 53576->53577 53578 7ff7923f6472 53576->53578 53644 7ff7923f5820 137 API calls 53577->53644 53580 7ff7923f9400 2 API calls 53578->53580 53581 7ff7923f648a GetLastError 53580->53581 53643 7ff7923f2c50 51 API calls _log10_special 53581->53643 53645 7ff7923f53f0 53583->53645 53585 7ff7923f6516 53586 7ff7923f652f 53585->53586 53587 7ff7923f651e 53585->53587 53652 7ff7923f4c80 53586->53652 53670 7ff7923f2710 54 API calls _log10_special 53587->53670 53591 7ff7923f653b 53671 7ff7923f2710 54 API calls _log10_special 53591->53671 53592 7ff7923f654c 53595 7ff7923f655c 53592->53595 53597 7ff7923f656d 53592->53597 53594 7ff7923f652a 53594->53481 53672 7ff7923f2710 54 API calls _log10_special 53595->53672 53598 7ff7923f659d 53597->53598 53599 7ff7923f658c 53597->53599 53601 7ff7923f65bd 53598->53601 53602 7ff7923f65ac 53598->53602 53673 7ff7923f2710 54 API calls _log10_special 53599->53673 53656 7ff7923f4d40 53601->53656 53674 7ff7923f2710 54 API calls _log10_special 53602->53674 53606 7ff7923f65dd 53609 
7ff7923f65fd 53606->53609 53610 7ff7923f65ec 53606->53610 53607 7ff7923f65cc 53675 7ff7923f2710 54 API calls _log10_special 53607->53675 53612 7ff7923f660f 53609->53612 53614 7ff7923f6620 53609->53614 53676 7ff7923f2710 54 API calls _log10_special 53610->53676 53677 7ff7923f2710 54 API calls _log10_special 53612->53677 53617 7ff7923f664a 53614->53617 53678 7ff792407320 73 API calls 53614->53678 53616 7ff7923f6638 53679 7ff792407320 73 API calls 53616->53679 53617->53594 53680 7ff7923f2710 54 API calls _log10_special 53617->53680 53621 7ff7923f6060 53620->53621 53621->53621 53622 7ff7923f6089 53621->53622 53627 7ff7923f60a0 __std_exception_destroy 53621->53627 53682 7ff7923f2710 54 API calls _log10_special 53622->53682 53624 7ff7923f6095 53624->53483 53625 7ff7923f61ab 53625->53483 53626 7ff7923f1470 116 API calls 53626->53627 53627->53625 53627->53626 53628 7ff7923f2710 54 API calls 53627->53628 53628->53627 53629->53485 53631 7ff7923f455a 53630->53631 53632 7ff7923f9400 2 API calls 53631->53632 53633 7ff7923f457f 53632->53633 53634 7ff7923fc5c0 _log10_special 8 API calls 53633->53634 53635 7ff7923f45a7 53634->53635 53635->53568 53636 7ff7923f9070 53635->53636 53637 7ff7923f9400 2 API calls 53636->53637 53638 7ff7923f9084 LoadLibraryExW 53637->53638 53639 7ff7923f90a3 __std_exception_destroy 53638->53639 53639->53568 53640->53560 53641->53562 53642->53560 53643->53560 53644->53560 53647 7ff7923f541c 53645->53647 53646 7ff7923f5424 53646->53585 53647->53646 53650 7ff7923f55c4 53647->53650 53681 7ff792406b14 48 API calls 53647->53681 53648 7ff7923f5787 __std_exception_destroy 53648->53585 53649 7ff7923f47c0 47 API calls 53649->53650 53650->53648 53650->53649 53653 7ff7923f4cb0 53652->53653 53654 7ff7923fc5c0 _log10_special 8 API calls 53653->53654 53655 7ff7923f4d1a 53654->53655 53655->53591 53655->53592 53657 7ff7923f4d55 53656->53657 53658 7ff7923f1c80 49 API calls 53657->53658 53659 7ff7923f4da1 53658->53659 53660 7ff7923f4e23 __std_exception_destroy 53659->53660 
53661 7ff7923f1c80 49 API calls 53659->53661 53663 7ff7923fc5c0 _log10_special 8 API calls 53660->53663 53662 7ff7923f4de0 53661->53662 53662->53660 53665 7ff7923f9400 2 API calls 53662->53665 53664 7ff7923f4e6e 53663->53664 53664->53606 53664->53607 53666 7ff7923f4df6 53665->53666 53667 7ff7923f9400 2 API calls 53666->53667 53668 7ff7923f4e0d 53667->53668 53669 7ff7923f9400 2 API calls 53668->53669 53669->53660 53670->53594 53671->53594 53672->53594 53673->53594 53674->53594 53675->53594 53676->53594 53677->53594 53678->53616 53679->53617 53680->53594 53681->53647 53682->53624 53683->53488 53685 7ff792407968 53684->53685 53688 7ff792407444 53685->53688 53687 7ff792407981 53687->53499 53689 7ff79240745f 53688->53689 53690 7ff79240748e 53688->53690 53699 7ff79240a884 37 API calls 2 library calls 53689->53699 53698 7ff7924054dc EnterCriticalSection 53690->53698 53693 7ff792407493 53695 7ff7924074b0 38 API calls 53693->53695 53694 7ff79240747f 53694->53687 53696 7ff79240749f 53695->53696 53697 7ff7924054e8 _fread_nolock LeaveCriticalSection 53696->53697 53697->53694 53699->53694 53700 7ff7924099d1 53712 7ff79240a448 53700->53712 53702 7ff7924099d6 53703 7ff792409a47 53702->53703 53704 7ff7924099fd GetModuleHandleW 53702->53704 53705 7ff7924098d4 11 API calls 53703->53705 53704->53703 53710 7ff792409a0a 53704->53710 53706 7ff792409a83 53705->53706 53707 7ff792409a8a 53706->53707 53708 7ff792409aa0 11 API calls 53706->53708 53709 7ff792409a9c 53708->53709 53710->53703 53711 7ff792409af8 GetModuleHandleExW GetProcAddress FreeLibrary 53710->53711 53711->53703 53717 7ff79240b1c0 45 API calls 3 library calls 53712->53717 53714 7ff79240a451 53718 7ff79240a574 45 API calls __CxxCallCatchBlock 53714->53718 53717->53714 53719 7ffd937fcdd0 53720 7ffd937fd150 53719->53720 53721 7ffd937fcdd9 53719->53721 53721->53720 53722 7ffd937fce20 CRYPTO_free CRYPTO_free 53721->53722 53723 7ffd937fce79 7 API calls 53722->53723 53724 7ffd937fce6f 53722->53724 53744 7ffd937e11db 53723->53744 
53724->53723 53726 7ffd937fced2 OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_free 53752 7ffd937e1807 10 API calls 53726->53752 53728 7ffd937fcf26 53729 7ffd937fcf32 CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_secure_free 53728->53729 53730 7ffd937fcfbb EVP_MD_get0_provider 53729->53730 53731 7ffd937fcfd0 53729->53731 53730->53731 53732 7ffd937fcfc8 EVP_MD_free 53730->53732 53733 7ffd937fcfdc EVP_MD_get0_provider 53731->53733 53736 7ffd937fcff1 53731->53736 53732->53731 53734 7ffd937fcfe9 EVP_MD_free 53733->53734 53733->53736 53734->53736 53735 7ffd937fd008 EVP_CIPHER_get0_provider 53735->53736 53737 7ffd937fd015 EVP_CIPHER_free 53735->53737 53736->53735 53738 7ffd937fd027 53736->53738 53737->53736 53739 7ffd937fd03c EVP_MD_get0_provider 53738->53739 53741 7ffd937fd05b 53738->53741 53739->53738 53740 7ffd937fd049 EVP_MD_free 53739->53740 53740->53738 53742 7ffd937fd0da CRYPTO_free CRYPTO_free CRYPTO_THREAD_lock_free CRYPTO_free CRYPTO_free 53741->53742 53743 7ffd937fd071 CRYPTO_free CRYPTO_free CRYPTO_free 53741->53743 53742->53720 53743->53742 53743->53743 53744->53726 53746 7ffd937f3790 53744->53746 53745 7ffd937f38ef 53745->53726 53746->53745 53747 7ffd937f37c0 EVP_PKEY_free 53746->53747 53748 7ffd937f37e3 X509_free EVP_PKEY_free OPENSSL_sk_pop_free CRYPTO_free 53747->53748 53748->53748 53749 7ffd937f3837 CRYPTO_free CRYPTO_free CRYPTO_free X509_STORE_free X509_STORE_free 53748->53749 53750 7ffd937e18e8 53749->53750 53751 7ffd937f38a6 CRYPTO_free CRYPTO_THREAD_lock_free CRYPTO_free 53750->53751 53751->53745 53752->53728 53753 7ff792405698 53754 7ff7924056b2 53753->53754 53755 7ff7924056cf 53753->53755 53804 7ff792404f58 11 API calls _get_daylight 53754->53804 53755->53754 53757 7ff7924056e2 CreateFileW 53755->53757 53759 7ff792405716 53757->53759 53760 7ff79240574c 53757->53760 53758 7ff7924056b7 53805 7ff792404f78 11 API calls _get_daylight 53758->53805 53778 7ff7924057ec GetFileType 53759->53778 53807 7ff792405c74 46 API 
calls 3 library calls 53760->53807 53765 7ff792405751 53769 7ff792405755 53765->53769 53770 7ff792405780 53765->53770 53766 7ff7924056bf 53806 7ff79240a950 37 API calls _invalid_parameter_noinfo 53766->53806 53767 7ff792405741 CloseHandle 53772 7ff7924056ca 53767->53772 53768 7ff79240572b CloseHandle 53768->53772 53808 7ff792404eec 11 API calls 2 library calls 53769->53808 53809 7ff792405a34 53770->53809 53777 7ff79240575f 53777->53772 53779 7ff79240583a 53778->53779 53780 7ff7924058f7 53778->53780 53781 7ff792405866 GetFileInformationByHandle 53779->53781 53827 7ff792405b70 21 API calls _fread_nolock 53779->53827 53782 7ff792405921 53780->53782 53783 7ff7924058ff 53780->53783 53785 7ff792405912 GetLastError 53781->53785 53786 7ff79240588f 53781->53786 53788 7ff792405944 PeekNamedPipe 53782->53788 53793 7ff7924058e2 53782->53793 53783->53785 53787 7ff792405903 53783->53787 53830 7ff792404eec 11 API calls 2 library calls 53785->53830 53789 7ff792405a34 51 API calls 53786->53789 53829 7ff792404f78 11 API calls _get_daylight 53787->53829 53788->53793 53795 7ff79240589a 53789->53795 53792 7ff7923fc5c0 _log10_special 8 API calls 53796 7ff792405724 53792->53796 53793->53792 53794 7ff792405854 53794->53781 53794->53793 53820 7ff792405994 53795->53820 53796->53767 53796->53768 53799 7ff792405994 10 API calls 53800 7ff7924058b9 53799->53800 53801 7ff792405994 10 API calls 53800->53801 53802 7ff7924058ca 53801->53802 53802->53793 53828 7ff792404f78 11 API calls _get_daylight 53802->53828 53804->53758 53805->53766 53806->53772 53807->53765 53808->53777 53810 7ff792405a5c 53809->53810 53818 7ff79240578d 53810->53818 53831 7ff79240f794 51 API calls 2 library calls 53810->53831 53812 7ff792405af0 53812->53818 53832 7ff79240f794 51 API calls 2 library calls 53812->53832 53814 7ff792405b03 53814->53818 53833 7ff79240f794 51 API calls 2 library calls 53814->53833 53816 7ff792405b16 53816->53818 53834 7ff79240f794 51 API calls 2 library calls 53816->53834 53819 7ff792405b70 21 API 
calls _fread_nolock 53818->53819 53819->53777 53821 7ff7924059b0 53820->53821 53822 7ff7924059bd FileTimeToSystemTime 53820->53822 53821->53822 53824 7ff7924059b8 53821->53824 53823 7ff7924059d1 SystemTimeToTzSpecificLocalTime 53822->53823 53822->53824 53823->53824 53825 7ff7923fc5c0 _log10_special 8 API calls 53824->53825 53826 7ff7924058a9 53825->53826 53826->53799 53827->53794 53828->53793 53829->53793 53830->53793 53831->53812 53832->53814 53833->53816 53834->53818

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: d0508df3f57ee1b007a386c5103efc2761290cd4262653a9171a3b2890b356a0
• Instruction ID: cad4c9d84a16d0510b78c115e172483db2c58d7f8bc0397502138080ff94a5c3
• Opcode Fuzzy Hash: d0508df3f57ee1b007a386c5103efc2761290cd4262653a9171a3b2890b356a0
• Instruction Fuzzy Hash: 90327D21B0868291FF39FB31E5562F9A661AF54780FC4407EDA4D432D6EFACE958C360

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
• Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
• String ID: ssl\ssl_lib.c
• API String ID: 234229340-1984206432
• Opcode ID: 7b15eddb2f156ed3729f226b3f288ba8038d5af0e990ba8c79d896eaaab1d1e3
• Instruction ID: a56f9af5c1645a718cc2b0424a47e3ae8118cd3b21132a9f408c06b9e8f95071
• Opcode Fuzzy Hash: 7b15eddb2f156ed3729f226b3f288ba8038d5af0e990ba8c79d896eaaab1d1e3
• Instruction Fuzzy Hash: AE913321B18B4680EB60AFE2D5612F8631AFF85BC4F444072ED0D6B79ADF6FE2458351

Control-flow Graph

• Executed
• Not Executed
APIs
• _get_daylight.LIBCMT ref: 00007FF792415CB5
  • Part of subcall function 00007FF792415608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241561C
  • Part of subcall function 00007FF79240A9B8: HeapFree.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
  • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
  • Part of subcall function 00007FF79240A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF79240A94F,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240A979
  • Part of subcall function 00007FF79240A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF79240A94F,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240A99E
• _get_daylight.LIBCMT ref: 00007FF792415CA4
  • Part of subcall function 00007FF792415668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241567C
• _get_daylight.LIBCMT ref: 00007FF792415F1A
• _get_daylight.LIBCMT ref: 00007FF792415F2B
• _get_daylight.LIBCMT ref: 00007FF792415F3C
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79241617C), ref: 00007FF792415F63
Strings
Memory Dump Source
• Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
• Instruction ID: b9922b56835cb6a47430fa522849bc3314237794634461b00519741de7c02c7a
• Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
• Instruction Fuzzy Hash: FED19D26F0825246F730FF35D5811B9B661EB64B94FE08136EA0D476A6EEBCE841C760

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction ID: 91de4bee65c4e4ab377ce225c3ac602b93da70b0cf6b4bb298668be6855f9851
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28C1CF32B28A4186FB20FF75C4902AC7771EB59B98B914225DE2E5B3E5DF78D851C310

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F1A
                                                                                                                                                                                                    • Part of subcall function 00007FF792415668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F2B
                                                                                                                                                                                                    • Part of subcall function 00007FF792415608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241561C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF792415F3C
                                                                                                                                                                                                    • Part of subcall function 00007FF792415638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79241564C
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: HeapFree.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79241617C), ref: 00007FF792415F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                  • Opcode ID: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                  • Instruction ID: 68d423cc19839c10c0208b90be9acf102398c17d8cf953bea46157956aca606b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8514E22B0865286F730FF35D9815A9F760BB58784FD08135EA4D476A6DFBCE840CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction ID: 9eeca9273217486f389b198d4be13d1cca8a87e857ec1ba740330f7a1a66c995
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4F06822A1874286FB71FB70B4497A6B350AB84764F94033DD96D026D4DF7CD449CA10

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F7F80: _fread_nolock.LIBCMT ref: 00007FF7923F802A
                                                                                                                                                                                                  • _fread_nolock.LIBCMT ref: 00007FF7923F1A1B
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7923F1B6A), ref: 00007FF7923F295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2397952137-3497178890
                                                                                                                                                                                                  • Opcode ID: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                  • Instruction ID: 42c7aa2e9e166cac6e00646cc9e6b8b7e5f444ad347d056e4c50bfa6b169c230
                                                                                                                                                                                                  • Opcode Fuzzy Hash: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D818E71A0868285FB30FB34F0416F9A3A0AB48784FD44479E98D477A6DEBCE985C760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                  • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                  • Instruction ID: dcd52d03a91b74971a09df8325fad7571248f93dbc615319e7c56869d8b40a44
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E510626614BA186E634AF32B4181BAF7A1F7A8B61F404135EFDE43695DF7CD045CB20

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  • Opcode ID: 04b243870eaa5c32a21b3d253070710121dc7759fdc345f161b4ef5edbe2d9a9
                                                                                                                                                                                                  • Instruction ID: b75d138bfa4fa29ebe402e22a2f4b96b26fd8bfdae53fb59ad54e915ceb95001
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04b243870eaa5c32a21b3d253070710121dc7759fdc345f161b4ef5edbe2d9a9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45413B21B0864285FF20FB32A4415F9A3A0AF44794FD4457AED4D07BA6DEBCE946C760

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-2813020118
                                                                                                                                                                                                  • Opcode ID: d1e98af981c38af556f8ae3374d5d3c26190a069fecd9da32f136ef13cde2e87
                                                                                                                                                                                                  • Instruction ID: 52bfe7fd879dee121be2168258123802a617ce2867db5ccbc202b48cdbf5904b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1e98af981c38af556f8ae3374d5d3c26190a069fecd9da32f136ef13cde2e87
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C51C322B0864285FA71BB31B4013FAA2A1AF85794FD44139ED8D477D6EEBCE945C710

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF7923F3804), ref: 00007FF7923F36E1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F3804), ref: 00007FF7923F36EB
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2C9E
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2D63
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2C50: MessageBoxW.USER32 ref: 00007FF7923F2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                  • API String ID: 3187769757-2863816727
                                                                                                                                                                                                  • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction ID: afef9430ebe2df5e0e765e1b80dcbacc5ac31cff2f166623e01158535c915c12
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC215E61B1868281FE30FB31F8423F6A250BF58354FC0013ED55D825E6EEACE909C720

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                  • Instruction ID: 5533235454ba8e2a2d4382df78540e05314d0abc64e5fa8b9afa1d483bbb4083
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73C19122A4C68682F770BB3594402BDF674EB81B80F954135EA4E077B1DEBCEC95C764

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                  • API String ID: 2050909247-2434346643
                                                                                                                                                                                                  • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                  • Instruction ID: 643713cac72bec00479a388cf7ee7eda7441b8cdb1113e0c1b4bd30a61930bbe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11415121B0868691FE31FB31F4562E9A311FB54344FD0417ADA5D436AAEFBCEA05C760

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                  • Opcode ID: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                                  • Instruction ID: 46b2015b53f17bacefaff14dc5267450ef81e1c94f0024560f92bf72615bde3d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C314C62A08A8289FB20FB31E8552F9B360FF88784F940135EA4D47A6ADF7CD545C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                  • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction ID: 72cc88a4b2c3b6b38ae3b1ed02fce88087362ae4abec1e780cecf1a8f48188dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C951D372F081118AFB38FF3499556BCA7B1AB50358F920135DE1E56AF5DF78E882CA10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                  • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction ID: 9eaed3f63b05b1e53ff57f7e6f6061f487b82795456c12bdb2cd107bb95c0139
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB519C22E086418AFB20FF7194503BDA3B1FB48B98F944435DE0D576A9DFB8D895C720
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                  • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                  • Instruction ID: d36111271326d06fb7afc0198b6314aa89cd02ad6bfac762f7ebd0f7689c4b4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9418122E5878183F720BF319514379A270FB94794F508334EA5C03AE2DFACA9E0C760
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                                  • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                  • Instruction ID: d95be0e253fb9b38ab3a2eee4078e9db3321494087a52fc4f1225a1a1b303211
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0711A921B1C14282FA74B77BF5462F9A251EB98780FD48038DF4907B9ACDADD895C714
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7924058A9), ref: 00007FF7924059C7
                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7924058A9), ref: 00007FF7924059DD
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF79240AA45,?,?,00000000,00007FF79240AAFA), ref: 00007FF79240AC36
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF79240AA45,?,?,00000000,00007FF79240AAFA), ref: 00007FF79240AC40
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction ID: 5d105b4cd94e5dd8f254cd62e86d83645646281f8296ff2ab62ea79a86631ab1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6001A521A4874140FB24FF729901169E6A1BF85FE0F985631DE5C17BE6DEBCD881C314
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7923F45E4,00000000,00007FF7923F1985), ref: 00007FF7923F9439
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00007FF7923F6466,?,00007FF7923F336E), ref: 00007FF7923F9092
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2592636585-0
                                                                                                                                                                                                  • Opcode ID: 73eda9eaecff5bf44f9f7388716af429d06d22f0ccc674e1ac4a626004a37bf7
                                                                                                                                                                                                  • Instruction ID: 4145a31f35a25ce792c9236d8942dc4424b912b058ebff6662fbe60b0461e7cd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73eda9eaecff5bf44f9f7388716af429d06d22f0ccc674e1ac4a626004a37bf7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0ED08C11B2424541FA64F777BA46679A251AB8DBC0F988039EE0D03B6ADC3CC4918B00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF792400D00,?,?,?,00007FF79240236A,?,?,?,?,?,00007FF792403B59), ref: 00007FF79240D6AA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction ID: 873f83a03d64d7ea6d270d2a2836dd28daec0b9b1026309f3feaa458828eeef4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57F03410B8934684FF74B7B1591167892A09F94FA0F880A30DC2E852E2DEACACC4C630
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_free$N_free$N_num_bitsX_freeY_free$D_get0_nameDigestInit_exN_bn2binSignX_newX_set_rsa_paddingX_set_rsa_pss_saltlenY_get_security_bitsmemset
                                                                                                                                                                                                  • String ID: pub$ssl\statem\statem_srvr.c$tls_construct_server_key_exchange
                                                                                                                                                                                                  • API String ID: 887506579-128282604
                                                                                                                                                                                                  • Opcode ID: 9d443737fe05d60fa059876b4f3769fe0e682d1fe6246bbb2ee8982e1c40dfb5
                                                                                                                                                                                                  • Instruction ID: eae07812e67ed7580f9c13d5fad97506c4898de89bc9cc2956de6bfad4897d9a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d443737fe05d60fa059876b4f3769fe0e682d1fe6246bbb2ee8982e1c40dfb5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7625A21B1878281FB34EBE1D9716F8636ABF85784F404076DD0E77A96DE3EE50A9340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD93806212
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD9380622A
                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD9380623B
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD9380626B
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD93806283
                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3-X64(?,?,00000000,00000000,00000000,00007FFD938001A9), ref: 00007FFD93806294
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: dane_tlsa_add$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1552677711-3864655856
                                                                                                                                                                                                  • Opcode ID: 48e1fa292a29c956e13d1b5ee0a6b5e98a18e463bd5675221b477ed73043fb0f
                                                                                                                                                                                                  • Instruction ID: 24a12dee6302f0091e57df64f5a808214ae846ff3d46c7355758b379966320ab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48e1fa292a29c956e13d1b5ee0a6b5e98a18e463bd5675221b477ed73043fb0f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0029D21B6875281FA70EBE1E8616F96359AF80781F804072DD0D237E6DF2FE6498752
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                  • String ID: HMAC$ssl\t1_enc.c$tls-mac-size$tls-version$tls1_change_cipher_state$tls_provider_set_tls_params
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: R_newR_set_debug$X_freeY_free$DigestSign$Init_exO_memcmpX_newY_new_raw_private_key_ex
• String ID: $HMAC$SHA2-256$ssl\statem\extensions_srvr.c$tls_parse_ctos_cookie
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: R_newR_set_debugR_set_error$D_lock_newO_freeO_zalloc
• String ID: gfffffff$ssl\ssl_cert.c$ssl_cert_dup
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: R_newR_set_debug$O_freeX_freeY_free
• String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h$ssl\statem\statem_clnt.c$tls_process_key_exchange$tls_process_ske_psk_preamble
Memory Dump Source
• Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: O_free$R_newR_set_debug$R_set_error$D_lock_freeL_cleanse$D_lock_newL_sk_pop_freeO_clear_freeO_free_ex_dataO_new_ex_dataO_zallocX509_free_time64memcpy
• String ID: SSL_SESSION_new$ssl\ssl_sess.c$ssl_get_new_session
Memory Dump Source
• Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
Similarity
• API ID: X509_$R_newR_set_debugR_set_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_new_exX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
• String ID: ssl\ssl_cert.c$ssl_client$ssl_server$ssl_verify_cert_chain
                                                                                                                                                                                                  • API String ID: 374146265-900346182
                                                                                                                                                                                                  • Opcode ID: d383b28525b84a6884f36155faf83878209c6f3b4bb231ab216cdf167d2fc438
                                                                                                                                                                                                  • Instruction ID: cda07deae802cab6c675de76c15303f2f8f0f0d8227142b8f75812b326c14679
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d383b28525b84a6884f36155faf83878209c6f3b4bb231ab216cdf167d2fc438
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2271D261B18B4286FA70EBE2D9702BA6399BF85BC8F444031DD0D67796DF2DE44AC350
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,00007FFD93845FA4), ref: 00007FFD93845285
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,00007FFD93845FA4), ref: 00007FFD9384529D
                                                                                                                                                                                                  • X509_get0_pubkey.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,00007FFD93845FA4), ref: 00007FFD938452C5
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,00007FFD93845FA4), ref: 00007FFD938452E0
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,00007FFD93845FA4), ref: 00007FFD938452F8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                  • String ID: 0$0$RSA$ssl\statem\statem_clnt.c$tls_construct_cke_rsa
                                                                                                                                                                                                  • API String ID: 2988517565-3239883068
                                                                                                                                                                                                  • Opcode ID: d58000328da5a426c67c3ee2abf0a6ae4b2ad505c68771271df4bc36e857a004
                                                                                                                                                                                                  • Instruction ID: dfa6e5ef1da2e7fb26e43cd95d54c407a5dddca467b265efda0ca574329900ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d58000328da5a426c67c3ee2abf0a6ae4b2ad505c68771271df4bc36e857a004
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E818D21B1C68282F630ABE1E9353F96359AF85788F440072DD0D67BD6DF6EE64AC341
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: 0$ssl\statem\statem_srvr.c$tls-client-version$tls-negotiated-version$tls_process_cke_rsa
                                                                                                                                                                                                  • API String ID: 193678381-318422981
                                                                                                                                                                                                  • Opcode ID: c41e56e519ed62c30b24b23aefcb71d446434b65512ce5e8cb4c6a34bad83845
                                                                                                                                                                                                  • Instruction ID: 5e6ebf9c6fa8d20b8097b549a7491e0e34bfedcf16b5a01bd6645df43b0d11a4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c41e56e519ed62c30b24b23aefcb71d446434b65512ce5e8cb4c6a34bad83845
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90A18F22B28B8282F7219BE4D4212F963A9FF95784F405171EE4D27A96DF3DE585C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_key_share
                                                                                                                                                                                                  • API String ID: 193678381-752603787
                                                                                                                                                                                                  • Opcode ID: 0941022e17cc78bc3dbb736f33a09c746984b413b8af3c091d5a77a70d1e63fa
                                                                                                                                                                                                  • Instruction ID: 0dee62403880610853671a611998e5423bcc91b1ce5c9f41948f6d812bfd1267
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0941022e17cc78bc3dbb736f33a09c746984b413b8af3c091d5a77a70d1e63fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD1C362B1828281F774EBE5E8716F962A9AF80794F440131ED4E67BD6DF3EE545C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_free$D_free$D_fetchD_get_sizeO_malloc_time64
                                                                                                                                                                                                  • String ID: SHA2-256$resumption$ssl\statem\statem_clnt.c$tls_process_new_session_ticket
                                                                                                                                                                                                  • API String ID: 835697101-2938955119
                                                                                                                                                                                                  • Opcode ID: 01b889c05a0d612c58de67bd33d0b4f12c156f54fddddd4201b3b11c0c3bc71a
                                                                                                                                                                                                  • Instruction ID: a033111d55fd3c47e591cb71a1b5f6dc6c14ba6efe91a455675f9ab501d9a954
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01b889c05a0d612c58de67bd33d0b4f12c156f54fddddd4201b3b11c0c3bc71a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F1A032B0968281EB30DB95E5A43B977A9EB88BC4F148031DE4D67B95DF3ED956C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD93844EBD
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD93844ED5
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: OPENSSL_cleanse.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD9384510D
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: OPENSSL_cleanse.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD9384511C
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: CRYPTO_clear_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD93845134
                                                                                                                                                                                                    • Part of subcall function 00007FFD93844E70: CRYPTO_clear_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD93845F8B), ref: 00007FFD9384514C
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD93845FF4
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9384601D
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD93846035
                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFD93846061
                                                                                                                                                                                                  • EVP_PKEY_free.LIBCRYPTO-3-X64 ref: 00007FFD93846069
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9384609A
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD938460B2
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD938460D9
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD938460F1
                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFD93846113
                                                                                                                                                                                                  • EVP_PKEY_free.LIBCRYPTO-3-X64 ref: 00007FFD9384611B
                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFD938461CB
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9384620B
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD93846223
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_MD_CTX_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844A71
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_DigestInit.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844A88
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_DigestUpdate.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844AA5
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_DigestUpdate.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844AC2
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_DigestFinal_ex.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844ADC
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_MD_CTX_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844AEC
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: CRYPTO_malloc.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844B0F
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844CDE
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844CF3
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: EVP_PKEY_CTX_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844D0B
                                                                                                                                                                                                    • Part of subcall function 00007FFD938449E0: CRYPTO_clear_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFD9384614C), ref: 00007FFD93844D23
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD93846265
                                                                                                                                                                                                  • CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFD9384629A
                                                                                                                                                                                                  • CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFD938462C8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
• Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_clear_free$Digest$O_free$L_cleanseUpdateX_freeY_free$Final_exInitO_mallocX_new
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe$tls_construct_cke_srp$tls_construct_client_key_exchange
                                                                                                                                                                                                  • API String ID: 3008822350-3169014888
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_freeX_new
                                                                                                                                                                                                  • String ID: ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha$tls_process_finished
                                                                                                                                                                                                  • API String ID: 1676177304-2160900909
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_alpn
                                                                                                                                                                                                  • API String ID: 193678381-2890585513
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_zalloc
                                                                                                                                                                                                  • String ID: )$,$gfffffff$gfffffff$gfffffff$gfffffff$ssl\statem\extensions.c$tls_collect_extensions
                                                                                                                                                                                                  • API String ID: 2822291608-2023642824
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h$ssl\ssl_lib.c$ssl_cache_cipherlist
                                                                                                                                                                                                  • API String ID: 193678381-3771517992
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_free$O_memcmpO_strndupmemchr
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h$ssl\statem\extensions_srvr.c$tls_parse_ctos_server_name
                                                                                                                                                                                                  • API String ID: 780431574-3842392038
                                                                                                                                                                                                  • Opcode ID: 1a25de1aaab3187b0e9543157c82e26c239df9ea4aa74067da1e9c1fd23f845d
                                                                                                                                                                                                  • Instruction ID: b20164edda2d480cb5eeeb5e2bc767ac8f70002a3cb4c3873815c7cd86b0973e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a25de1aaab3187b0e9543157c82e26c239df9ea4aa74067da1e9c1fd23f845d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5671F421F0978286EB74ABE4E4603B9A7A9FF45784F444131EA5D637D2DF2EE598C300
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$R_set_debug$O_free$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                  • String ID: add_key_share$ssl\statem\extensions_clnt.c$tls_construct_ctos_key_share
                                                                                                                                                                                                  • API String ID: 2910640537-1054723374
                                                                                                                                                                                                  • Opcode ID: 39a77f7700b4269cbf189b485f33a9c91b081e41f4c493d7bb8465a05a7a5d57
                                                                                                                                                                                                  • Instruction ID: 041bbd0187b893997ca1f93a635f58941b1bbdbb542ac6caebb7cc66dbc71d1b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39a77f7700b4269cbf189b485f33a9c91b081e41f4c493d7bb8465a05a7a5d57
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A71B121B1C68382FA74EBD1E5616BD6369BF84BC0F440131EE4E67BA6DF6EE5448700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$D_unlock$D_read_lockH_retrieve_time64memcmpmemcpy
                                                                                                                                                                                                  • String ID: ssl\ssl_sess.c$ssl_get_prev_session
                                                                                                                                                                                                  • API String ID: 2856374240-1744558562
                                                                                                                                                                                                  • Opcode ID: bdbe45e85ab9273b8b76ada339546cd01c1143bdbc43040268bd0ab873ed341f
                                                                                                                                                                                                  • Instruction ID: f407b7a414939797631a8c25db15e6012c2d0451f82b3a4c7e58c1e51f929dde
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdbe45e85ab9273b8b76ada339546cd01c1143bdbc43040268bd0ab873ed341f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BED18732B0968286EAB49BA1D5707F973A8FF84B88F048031DE4D67695DF3EE555CB00
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
                                                                                                                                                                                                  • String ID: ssl\ssl_cert.c
                                                                                                                                                                                                  • API String ID: 3478116879-188639428
                                                                                                                                                                                                  • Opcode ID: 94b2c3dd68adce7dcd7d6fac860373944027107af8e9c0fcf36b5a36d89e44d8
                                                                                                                                                                                                  • Instruction ID: 144e8eefe1608631436fca478a6334c197532a5cb888f5a6a4658559c7235c7d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94b2c3dd68adce7dcd7d6fac860373944027107af8e9c0fcf36b5a36d89e44d8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64318531B18B4291E764AFE5D4602BC7329FB81B94F444072DE1D57696DF3EE565C300
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$R_newR_set_debug$memcpy
                                                                                                                                                                                                  • String ID: dtls_get_reassembled_message$ssl\statem\statem_dtls.c
                                                                                                                                                                                                  • API String ID: 3440475884-2464859936
                                                                                                                                                                                                  • Opcode ID: 9d98487afa6371c2ab2a465c00314c8ed86a61f230f79ab205ca30d5340629e4
                                                                                                                                                                                                  • Instruction ID: b070f629bb5c44d4433658ad8dcb8f0d365f01e859b028bd7ccc656eef911a22
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d98487afa6371c2ab2a465c00314c8ed86a61f230f79ab205ca30d5340629e4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23D18132B0878186F760DFA0E4243EC77A9EB49B8CF044036EE4D67A9ADE39D149C750
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$O_freeO_strdup
                                                                                                                                                                                                  • String ID: ssl3_ctrl$ssl\s3_lib.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $ $key expansion$ssl\t1_enc.c$tls1_setup_key_block
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_ec_pt_formats
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: N_free$O_free
                                                                                                                                                                                                  • String ID: ssl\tls_srp.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: N_clear_free$Calc_u_exN_bn2binN_num_bitsO_mallocR_newR_set_debug
                                                                                                                                                                                                  • String ID: srp_generate_server_master_secret$ssl\tls_srp.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ssl3_setup_key_block$ssl\s3_enc.c
                                                                                                                                                                                                  • API String ID: 0-3285098195
                                                                                                                                                                                                  • Opcode ID: 0b195cae3179c0b2e6a18047287ba09ef0f13bceff536bf9485c06dbaad74dfd
                                                                                                                                                                                                  • Instruction ID: 80f226af9b7d6367b8c30658cd846199c0ca15ac4a0acb094c43e83213bf5791
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b195cae3179c0b2e6a18047287ba09ef0f13bceff536bf9485c06dbaad74dfd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE51BD36B08B8686E738DBA5E1502E9B3A8FB88B80F800135EF5D93755DF79E1618740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c$tls1_set_sigalgs
                                                                                                                                                                                                  • API String ID: 2261483606-1108168800
                                                                                                                                                                                                  • Opcode ID: 59d0abf28e10e76900911253b03391947ab1680fc0a9ca2200fee1e3c5b35b68
                                                                                                                                                                                                  • Instruction ID: b0bb8493ef73ef2cdf0cccd5c3a4c9c8bcf8f9f3a0d3b85c3d6d66fec2e66208
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59d0abf28e10e76900911253b03391947ab1680fc0a9ca2200fee1e3c5b35b68
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB41EF31B1874285EB749BE5E460AF9A76AEB46B80F484431DE4D23B85DE7EE481C340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                  • API String ID: 2261483606-2858878853
                                                                                                                                                                                                  • Opcode ID: 20095bfa4770f311ee3f4480baaf42fdddae2a0e8bd1f5dc3a62ca42c86e501a
                                                                                                                                                                                                  • Instruction ID: dc166315c83fc86ad76a276b095c08ec6718d16f0c3766fd85b03db437f706e7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20095bfa4770f311ee3f4480baaf42fdddae2a0e8bd1f5dc3a62ca42c86e501a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F315722B1978191F7709BE1E8617EA63AAEB45B80F440136DE8E27B85DF3EE444C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                  • API String ID: 3414495729-2858878853
                                                                                                                                                                                                  • Opcode ID: 1a8d3a479c43ad756e77b13870432a728d7fab6e2c18f9689a7ca53576f9223d
                                                                                                                                                                                                  • Instruction ID: 2c198f5de3dc61ad65725bde1c594605324e2c84d4f5fc13b8a1474c85764dda
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a8d3a479c43ad756e77b13870432a728d7fab6e2c18f9689a7ca53576f9223d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A21C22171874280F7209FD2E8602E96769FB45BC0F480435EE4D27B8ADE3EE0418350
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_mallocR_do_allR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c$ssl_load_groups
                                                                                                                                                                                                  • API String ID: 4002791538-1235048228
                                                                                                                                                                                                  • Opcode ID: b7dca96a7700cd47c8d171f96f6eca6e9549ccb8c67021e3b12ed91432573682
                                                                                                                                                                                                  • Instruction ID: f74f97c01a0a5d69a4b194a243ecc3191edec11307015541dea5ababcd11280a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7dca96a7700cd47c8d171f96f6eca6e9549ccb8c67021e3b12ed91432573682
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE1D851B0920681EF798BD4E03417DA29AFF48B88F684636DD4E2A6D8DF7FD052D314
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$O_memdupR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SSL_CTX_set_alpn_protos$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 4248801101-1753985964
                                                                                                                                                                                                  • Opcode ID: c2f708f0d62f03b3af6aa53b7da103c579700575650cc3e3d46bd1f68f8383bd
                                                                                                                                                                                                  • Instruction ID: 695f5463f07b776c9db74d06470ac9b37785e3d0fbd786c732494dc27b4216bb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2f708f0d62f03b3af6aa53b7da103c579700575650cc3e3d46bd1f68f8383bd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF31F431B2869286F7708BA1E460BA96359FF54B84F481032ED4D27B99DF2EE141C741
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_run_once$R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: OPENSSL_init_ssl$ssl\ssl_init.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c$tls1_set_server_sigalgs
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F841B
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F849E
                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84BD
                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84CB
                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84DC
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF7923F8B09,00007FF7923F3FA5), ref: 00007FF7923F84E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$F_parse_listO_mallocO_memdup
                                                                                                                                                                                                  • String ID: ($ssl\t1_lib.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_process_encrypted_extensions
                                                                                                                                                                                                  • API String ID: 3271392029-66032045
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_unlockD_write_lockH_deleteH_set_down_loadL_sk_new_nullL_sk_pop_freeL_sk_push
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3753489959-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                  • API String ID: 3755831613-364612961
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                  • API String ID: 3755831613-364612961
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                  • String ID: dtls1_process_buffered_records$ssl\record\rec_layer_d1.c
                                                                                                                                                                                                  • API String ID: 2314896662-2686001250
                                                                                                                                                                                                  • Opcode ID: 67a7d5a5ebfd6ddc9863e6358981e21f9cfafad81d9f80685f6a7d6db02cfe19
                                                                                                                                                                                                  • Instruction ID: f1c6820183a2346b220bb9faa7bb4fea05c7e4610fabc09cd3c706e0f65984cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67a7d5a5ebfd6ddc9863e6358981e21f9cfafad81d9f80685f6a7d6db02cfe19
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1241C562B5864281FB709B96D5602B9A3A9EF48FC8F441132EE0EA7795DF2EE451C310
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl3_setup_read_buffer$ssl\record\ssl3_buffer.c
                                                                                                                                                                                                  • API String ID: 4191474876-3793861729
                                                                                                                                                                                                  • Opcode ID: 10c381ccfbae21b2ee10f8383ec8f0304b5259bfdcbd5b5e498930e8c2b487ce
                                                                                                                                                                                                  • Instruction ID: 967694ad80f266086c7708c841c705ceb6fb13c40a135e7382a3547a8869f2e7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10c381ccfbae21b2ee10f8383ec8f0304b5259bfdcbd5b5e498930e8c2b487ce
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5221C332B1864181FBA0EBA5E8517E8239AEB44BC4F481435EE0D57BD5DE3DD892C700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                  • String ID: ssl\ssl_cert.c
                                                                                                                                                                                                  • API String ID: 1247630535-188639428
                                                                                                                                                                                                  • Opcode ID: f677709718d93552d8027689b32b45c554e57cb435ab97ead0f65c0383002070
                                                                                                                                                                                                  • Instruction ID: 74602d562c2cd931fa262c3c6aaefe6972b2d39c00110a267d3827a1e2ebe0cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f677709718d93552d8027689b32b45c554e57cb435ab97ead0f65c0383002070
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F119E32B28B5182F7209FA1E4601AC7368FB84F88F044022EE8D27A49DF3DE616C740
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  • Opcode ID: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                  • Instruction ID: 0e90de1b4e3e3f4caa6767b5f151e1b81ea6e8a03fb43bf10d9b6577dc5cfbac
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41B19222B1869241FB71FB7595005B9F361EB64BE4FA44131EA5D07BE6EEBCE841C320
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$L_cleanse
                                                                                                                                                                                                  • String ID: ssl\record\rec_layer_d1.c
                                                                                                                                                                                                  • API String ID: 927910673-2186836241
                                                                                                                                                                                                  • Opcode ID: 44b3c6bf8012a27b53b5f833e8173c648c715beaa60faf7cae1ab55fb90af63a
                                                                                                                                                                                                  • Instruction ID: dabbe928b2ed0ddfa64c3262abbb0b38ab832df7a49962fbb6eeb1be77d4111e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44b3c6bf8012a27b53b5f833e8173c648c715beaa60faf7cae1ab55fb90af63a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29114F22F14B8282EB24DF66D5502692365FB99F88F056226DE4D1375AEF29E5D0C300
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\statem\statem_dtls.c
                                                                                                                                                                                                  • API String ID: 2581946324-3166991913
                                                                                                                                                                                                  • Opcode ID: 7e5d58ef02929c0796df1219daedf5a05ad9669c6ce015aa37865039ba1f7ce7
                                                                                                                                                                                                  • Instruction ID: 301eacaee4d7ef1501332f9fc23c4e5d233860d71fa1826a346e740d2109cd6c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e5d58ef02929c0796df1219daedf5a05ad9669c6ce015aa37865039ba1f7ce7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEF03051F2570755FE34ABD5D8716B4131AAF48B88F441071DD0E67A92AD2FE60DC700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$Y_free
                                                                                                                                                                                                  • String ID: ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 3642664693-1984206432
                                                                                                                                                                                                  • Opcode ID: 53e4ede5e3808e3c40400b7f22d1a6489d5063abd375fbd966ee0169dc14f73a
                                                                                                                                                                                                  • Instruction ID: 52c369f717d65a4bac65c7108e1bd2aaea30443c31d724d8912d5ada367065ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53e4ede5e3808e3c40400b7f22d1a6489d5063abd375fbd966ee0169dc14f73a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5E09240F5930140FA20A7E2CC212B4130A6F54B80F440032EC0D27792DE1FD6458302
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                  • String ID: ssl\ssl_sess.c
                                                                                                                                                                                                  • API String ID: 3962629258-3038452671
                                                                                                                                                                                                  • Opcode ID: 3e35f83bb8e51da9468aba90f6171bb24082aa6d6d9d9da46c0ce098b7c08070
                                                                                                                                                                                                  • Instruction ID: 738b60fcd923e241a9c10a75530b8fe3b612576b22d5e1cee2e97471a459ed80
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e35f83bb8e51da9468aba90f6171bb24082aa6d6d9d9da46c0ce098b7c08070
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2019B31B1DF8191E7618B55F5602A9A268FF48FC4F084131EE5D27F99DF2DE6528700
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h
                                                                                                                                                                                                  • API String ID: 3962629258-1620312991
                                                                                                                                                                                                  • Opcode ID: 3f363b2f94b744739a04a0daed8d2f50ad8c5abb77f7efc5a22f78c8e91c8aa6
                                                                                                                                                                                                  • Instruction ID: 2b317e7311cd904ce841056887ab5e48a5058a62438f6a3d5ffc1e084f11eddb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f363b2f94b744739a04a0daed8d2f50ad8c5abb77f7efc5a22f78c8e91c8aa6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED018F32B16B4290EB60CF92E890699B3A9FB58BC0F088035EF8C57B45EF3DD1508340
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_memdup
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h
                                                                                                                                                                                                  • API String ID: 3962629258-1620312991
                                                                                                                                                                                                  • Opcode ID: d0a4b133d713554598bcddb70a70909170530fd6a31184e0daaea2be2deec7a7
                                                                                                                                                                                                  • Instruction ID: e4d3662db7b7b715e0da3f5cbee8e8ab717d6de74107dda3e0f4461dd437b05f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0a4b133d713554598bcddb70a70909170530fd6a31184e0daaea2be2deec7a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81012C32716B4291EB609F42E89069973A9FB58B80F088435EE8CA7B55EF3DD5518740
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeX_free
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c
                                                                                                                                                                                                  • API String ID: 2813942177-1168734446
                                                                                                                                                                                                  • Opcode ID: 6bd8aef525b4ab2194750bd54c4c24aa919ab4a7fe758dec1ff2db7690f9a9b1
                                                                                                                                                                                                  • Instruction ID: 3ab201beed924ce71969db6648fbaa319d5ca20d01a49341b4c20c96612d1a71
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6bd8aef525b4ab2194750bd54c4c24aa919ab4a7fe758dec1ff2db7690f9a9b1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3F0AE11F5D20382FE74B7E5C4723B821D59F4AB40F684031D90D667D2ED6EE585C700
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_strndup
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h
                                                                                                                                                                                                  • API String ID: 2641571835-1620312991
                                                                                                                                                                                                  • Opcode ID: 536beb51551c02c82fe11203b7bea2e261313654e45529ddf9b083cbf2ae127f
                                                                                                                                                                                                  • Instruction ID: 2c8443a2208e7356f2d525223834b74237f1ee34d6507d4ef6da69b7e9720280
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 536beb51551c02c82fe11203b7bea2e261313654e45529ddf9b083cbf2ae127f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06F0E532B08B4290EB109B92F8A16EC6365AB4CBD4F448036EE0D977A6DF2CD654C301
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
• Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_strndup
                                                                                                                                                                                                  • String ID: C:\b\abs_25mqphatbo\croot\openssl_1725545335595\work\include\internal/packet.h
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_cleanseO_free
                                                                                                                                                                                                  • String ID: ssl\record\ssl3_buffer.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeX_free
                                                                                                                                                                                                  • String ID: ssl\t1_lib.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E4FA0: CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFD937E411F), ref: 00007FFD937E5094
                                                                                                                                                                                                  • CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFD937E4136
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: crypto\packet.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\record\ssl3_record.c
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\statem\extensions.c
                                                                                                                                                                                                  • API String ID: 2581946324-3728926295
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\s3_lib.c
                                                                                                                                                                                                  • API String ID: 2581946324-3639828702
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\statem\extensions.c
                                                                                                                                                                                                  • API String ID: 2581946324-3728926295
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free
                                                                                                                                                                                                  • String ID: ssl\record\ssl3_buffer.c
                                                                                                                                                                                                  • API String ID: 2581946324-907675498
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_unlockD_write_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1724170673-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_unlockD_write_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1724170673-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_memcmp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2788248766-0
                                                                                                                                                                                                  • Opcode ID: 81ff9c3f7bffb487377b0da625b0fe7f1ed69ab14b97af84ac4ad9bd11c00c5f
                                                                                                                                                                                                  • Instruction ID: bc1b1d3a1d02eecd267bc3229fe1da3fd6b33fd9a692110ba4c4200eaa13a7b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81ff9c3f7bffb487377b0da625b0fe7f1ed69ab14b97af84ac4ad9bd11c00c5f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81319E26709BA185DB228F51E4102AAB6A9FB48B84F488031EECD27B55DB7DD551C704
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_run_once
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1403826838-0
                                                                                                                                                                                                  • Opcode ID: 1acd7e19e876e801ac436fd856f4c81d1269ab1dfe548cc2d592e96d6281e183
                                                                                                                                                                                                  • Instruction ID: 54655c787cc72122db9bbea622b6e98279f18d82d814a7dce70134db406b9944
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1acd7e19e876e801ac436fd856f4c81d1269ab1dfe548cc2d592e96d6281e183
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE0C224F0D1038AFB74ABA8EC716B132A8BF40390F804238E41EA21E1DE0DF905C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_run_once
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1403826838-0
                                                                                                                                                                                                  • Opcode ID: fe2ebca0dfbf297dd9b3428df5253ce3ffe1fc4227673d2c10ae01cf407de701
                                                                                                                                                                                                  • Instruction ID: be5b1387ca6df70a69f099b460eb23845b81ae515f2897f41b53705afd21be64
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe2ebca0dfbf297dd9b3428df5253ce3ffe1fc4227673d2c10ae01cf407de701
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DD0C994F1E60785FA316BE8E8720B42619BF40350FC04072D00C666A2ED1DE61A8780
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5830
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5842
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5879
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F588B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58A4
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58B6
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58CF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58E1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F58FD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F590F
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F592B
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F593D
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5959
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F596B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5987
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F5999
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F59B5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF7923F64BF,?,00007FF7923F336E), ref: 00007FF7923F59C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                  • API String ID: 199729137-653951865
                                                                                                                                                                                                  • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction ID: dc9a3d2920fc2324e18cebe888cca7e9e06e64a0fd30e45e3336abc934e0cc1d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D22B424B4DB0795FA35FB75B8916B4B3A0BF24781BE45039C81E02675EFFCA948C261
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                  • API String ID: 199729137-3427451314
                                                                                                                                                                                                  • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction ID: b357af498b1b287ba1627b060aa7c77e618f048a8e88d4f892687b9f9a82c47a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8028F64A0DB17D5FA34FB75B8115B4B2A1BF28794FE44039D81E02276EFBCA948C630
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$D_get0_nameD_get_sizeF_fetchF_freeX_freeX_new
                                                                                                                                                                                                  • String ID: TLS13-KDF$derived$digest$key$label$mode$prefix$salt$ssl\tls13_enc.c$tls13 $tls13_generate_secret
                                                                                                                                                                                                  • API String ID: 2603205826-1693554116
                                                                                                                                                                                                  • Opcode ID: 9d5492374ac2ed16757942ea7aa6c3c36804af87272c8d10b8f0e35083c595ca
                                                                                                                                                                                                  • Instruction ID: d54e2e01b5de92c9f7d9b8798f048c8fd435598850835be540a281ccfb3e659d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d5492374ac2ed16757942ea7aa6c3c36804af87272c8d10b8f0e35083c595ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D91B312F18B8681E731DFA4D4216F967A9FF95B84F409231EE4D27656EF39E189C300
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_new$D_get_typeO_ctrlO_freeX_copy_exX_freeX_get0_md
                                                                                                                                                                                                  • String ID: ssl3-ms$ssl3_digest_cached_records$ssl3_final_finish_mac$ssl\s3_enc.c
                                                                                                                                                                                                  • API String ID: 2271831671-3373876989
                                                                                                                                                                                                  • Opcode ID: 49d08939529287adb62ce3f3d61106c5aacbe07012124325c57dfac7a47ca38c
                                                                                                                                                                                                  • Instruction ID: 8877f9f2694be07f764c0381e11a57a65d1abd3f0f0e64e7f4572f56d344e23e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49d08939529287adb62ce3f3d61106c5aacbe07012124325c57dfac7a47ca38c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC81BE22F1C68381FB31ABE1D8317F92798AF94784F445031ED0D6B7A2EE2DE5498340
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_set_debug$R_new$R_set_error
                                                                                                                                                                                                  • String ID: bytes_to_cipher_list$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 3684861273-3149634892
                                                                                                                                                                                                  • Opcode ID: 0deb77d7249b8e3c9c9345a19f278b9109599aea2814dbbca3ee27e23d58a545
                                                                                                                                                                                                  • Instruction ID: b25db437d0891ce28e73330c73e173705c3b780d104059f4f5baddd006d266b2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0deb77d7249b8e3c9c9345a19f278b9109599aea2814dbbca3ee27e23d58a545
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C81C122B1C74281FBB1ABE1E4217FA6299BF80784F444031DD4D27B95DE3EE58AC751
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugX509_free$R_clear_error$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                  • String ID: ssl\ssl_rsa.c$use_certificate_chain_file
                                                                                                                                                                                                  • API String ID: 2477526543-2175753170
                                                                                                                                                                                                  • Opcode ID: 5c2cdd7615f03603f33bc6cb8015bb366caff54ff29c0d24b74affaacf0c71c2
                                                                                                                                                                                                  • Instruction ID: bb1e50194cf614e3a2710ee221e4ca922cb0267e2505930b746c48762501d40b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c2cdd7615f03603f33bc6cb8015bb366caff54ff29c0d24b74affaacf0c71c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1371C026B1DB4281FA30ABE1E8352FD52ADAF84784F544031ED0E6BB96DE3EF5448340
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: DSA$RSA$gfffffff
                                                                                                                                                                                                  • API String ID: 0-2263753174
                                                                                                                                                                                                  • Opcode ID: e34b1060c8dd626bf625720a405ff0d0567375b762738d49f353d9d22904e585
                                                                                                                                                                                                  • Instruction ID: 9b8af6f68022ffc4aec37fec2d055ead421350cac3859363091186d517949531
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e34b1060c8dd626bf625720a405ff0d0567375b762738d49f353d9d22904e585
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4E1CF21F0C64781FE749BE694717BA5289BF80B88F544439ED0EA73C6EE3EE9458700
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Digest$Update$Final_exInit_ex$L_cleanseR_newR_set_debugX_freeX_new
                                                                                                                                                                                                  • String ID: ssl3_generate_master_secret$ssl\s3_enc.c
                                                                                                                                                                                                  • API String ID: 284231625-120754557
                                                                                                                                                                                                  • Opcode ID: 9b82ffe4ec101ef16ba8ade283ab1b1a9c18db6a5d10a493099cc17e491c3c63
                                                                                                                                                                                                  • Instruction ID: 3d50dcde37d0ec4d811cf15051ede791fa592c9d9e4a6e50cd13749b62ba5981
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b82ffe4ec101ef16ba8ade283ab1b1a9c18db6a5d10a493099cc17e491c3c63
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9518225B2878745EA34ABE6E9217BA6398FF85BC4F405070ED4EA7B56DE3DE005C700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$Y_free
                                                                                                                                                                                                  • String ID: ssl\statem\statem_srvr.c$tls_process_cke_dhe
                                                                                                                                                                                                  • API String ID: 2633058761-2145857467
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$O_ctrlO_freeX_new
                                                                                                                                                                                                  • String ID: ssl3_digest_cached_records$ssl\s3_enc.c
                                                                                                                                                                                                  • API String ID: 1193811298-2941011472
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp$R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SECLEVEL=$STRENGTH$ssl\ssl_ciph.c$ssl_cipher_process_rulestr
                                                                                                                                                                                                  • API String ID: 1930259724-2883399597
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                  • String ID: name=%s$ssl\ssl_mcnf.c$ssl_do_config$system_default
                                                                                                                                                                                                  • API String ID: 4067701900-1483527906
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7923F45E4,00000000,00007FF7923F1985), ref: 00007FF7923F9439
                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7923F88A7,?,?,00000000,00007FF7923F3CBB), ref: 00007FF7923F821C
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2810: MessageBoxW.USER32 ref: 00007FF7923F28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                  • API String ID: 1662231829-930877121
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EVP_MD_get_size.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381F832
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381F83B
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381F853
                                                                                                                                                                                                  • EVP_CipherInit_ex.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381FA3D
                                                                                                                                                                                                  • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381FA52
                                                                                                                                                                                                  • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3-X64(?,0000077C,?,?,00007FFD93821BC3), ref: 00007FFD9381FA6C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: X_ctrl$CipherD_get_sizeInit_exR_newR_set_debug
                                                                                                                                                                                                  • String ID: derive_secret_key_and_iv$key$ssl\tls13_enc.c
                                                                                                                                                                                                  • API String ID: 2320511427-1406268764
                                                                                                                                                                                                  • Opcode ID: a7b6014b48812629fd2803a322781c54450ee50a1e10480ad8cfbb5982510cbb
                                                                                                                                                                                                  • Instruction ID: c927b0241023a3956a10365fd290c912436220e19c6c4f1bb1d06ddb28dc06e4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7b6014b48812629fd2803a322781c54450ee50a1e10480ad8cfbb5982510cbb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5271A03271878285E7709BD1E8607BAB7A9FB84B84F140235EE8DA7B95DF3DE0458700
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-1550345328
                                                                                                                                                                                                  • Opcode ID: 497906f39c1d0b6510f5c6dae0c51f4ccb301c69da3955e1302a87d9635b48e2
                                                                                                                                                                                                  • Instruction ID: 1bf55ee2efe303772ea2934db6b22443ad5ebd12f707e9169b80c42449e2276e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 497906f39c1d0b6510f5c6dae0c51f4ccb301c69da3955e1302a87d9635b48e2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B518C61B0864282FA30FB32B4015F9A360BF44B94FD44139EE4D077A6DEBCE959C760
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_process_ske_ecdhe
                                                                                                                                                                                                  • API String ID: 2988517565-2515942935
                                                                                                                                                                                                  • Opcode ID: fe1df3b283c6e1270261070577cef913a6f30b4f88894ae3e1ca3ba5c7a7c8d7
                                                                                                                                                                                                  • Instruction ID: 25ec8bae4a929eabf97ac5268817e2ada0af2e118245a2bb74cbaf084784b609
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe1df3b283c6e1270261070577cef913a6f30b4f88894ae3e1ca3ba5c7a7c8d7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2151CD32B08B8282F770DB91E9656B96368FB88784F444032DE4D67B96DF3EE645C740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$N_ucmp$N_is_zeroN_num_bits
                                                                                                                                                                                                  • String ID: srp_verify_server_param$ssl\tls_srp.c
                                                                                                                                                                                                  • API String ID: 3341325393-1772774368
                                                                                                                                                                                                  • Opcode ID: 7525ca30900f2ffe7f2f4d1386011d1066852c1ac1b6645232753d4b3298c5a8
                                                                                                                                                                                                  • Instruction ID: b0b95c124919db6374de1a5837f4ea24124a3d4367879c6b944916bc61cdbfbd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7525ca30900f2ffe7f2f4d1386011d1066852c1ac1b6645232753d4b3298c5a8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7314C10B6864381FB71ABE1D8717F92259AF94B98F484071DD0DAB7D6DE2EE6868300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BUF_MEM_grow_clean.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFD9383FB2D), ref: 00007FFD9383F563
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: M_grow_clean
                                                                                                                                                                                                  • String ID: read_state_machine$ssl\statem\statem.c
                                                                                                                                                                                                  • API String ID: 964628749-2676740512
                                                                                                                                                                                                  • Opcode ID: 4e63176d9028b16e850b37678749b0103675979f617727ae35a5e6b0c852878f
                                                                                                                                                                                                  • Instruction ID: 2c76d3ef5d7b265a99a6e6b22efc412579fdb929c41182ab0bb3379d7947e5a1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e63176d9028b16e850b37678749b0103675979f617727ae35a5e6b0c852878f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76918C22B0868285FB749FA5D9603B933A9EF84B48F584136CE0D677A5DF3EE445C380
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_indent$O_printf$O_puts
                                                                                                                                                                                                  • String ID: No Ticket$ticket$ticket_age_add=%u$ticket_lifetime_hint=%u$ticket_nonce
                                                                                                                                                                                                  • API String ID: 1353156648-4248733311
                                                                                                                                                                                                  • Opcode ID: ce96160c7d0e0da2f3fd3a30653d86e04c26e69d1ebae4719b076d2447cabd6f
                                                                                                                                                                                                  • Instruction ID: 6afd4c98e1f5c5661cb1cb7bfaa5179662804a9f3e666f243c0f7a66a9fe913d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce96160c7d0e0da2f3fd3a30653d86e04c26e69d1ebae4719b076d2447cabd6f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E051F322B187E146EB30CBA9D4A42A97799FB44790F444231EE9C57BE9DF3DE14AC700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrl$O_freeO_newO_s_fileR_clear_last_markR_pop_to_markR_set_markX_freeY_free
                                                                                                                                                                                                  • String ID: PEM
                                                                                                                                                                                                  • API String ID: 753178889-379482575
                                                                                                                                                                                                  • Opcode ID: 6eb250ff59342963be557e2c20c09b82b7177075460508a9e69ea744e8a271c2
                                                                                                                                                                                                  • Instruction ID: 47c8a84eede299d86f43c141006c5cf6a991909dd631d631b2269be8dbae1391
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6eb250ff59342963be557e2c20c09b82b7177075460508a9e69ea744e8a271c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB418162B0DB4281EA74EB96A82067973D9FF88B84F040035EE8E57B95DF3DE405CB41
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$R_set_errorX509_get0_pubkey
                                                                                                                                                                                                  • String ID: ssl3_check_cert_and_algorithm$ssl\statem\statem_clnt.c
                                                                                                                                                                                                  • API String ID: 1177010120-762223334
                                                                                                                                                                                                  • Opcode ID: 07eba22ebdfa5b6a4baeecd8f35cde1440cd42363f8f91f4d0c9122404ccc3c1
                                                                                                                                                                                                  • Instruction ID: a63e121eb1e86b066acdd089bd38fc86a459d3b476ef6923e99660d6e619e2c9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07eba22ebdfa5b6a4baeecd8f35cde1440cd42363f8f91f4d0c9122404ccc3c1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E741A321B1868242F7B0D7D5F4653E96768EF89780F440032EE0D67BE6CF2EE9828740
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: X_set0_default$R_newR_set_debugR_set_errorconf_ssl_getconf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                  • String ID: ssl\ssl_mcnf.c$ssl_do_config$system_default
                                                                                                                                                                                                  • API String ID: 383195463-297862813
                                                                                                                                                                                                  • Opcode ID: 3f48beb9198e30ceed22c8b5c9ab7e87d07a0b3854abd17522ca36e7590accde
                                                                                                                                                                                                  • Instruction ID: 777a3338e1ebc77a6b7f18146696261f9a7e62d5083b43024d9de02301c48fa4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f48beb9198e30ceed22c8b5c9ab7e87d07a0b3854abd17522ca36e7590accde
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F31C162B1C74782FA30ABD6E4211B9A399FF85B80F444431EE4E23BA6DE3DE505C740
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SSL_set_rfd$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1876162228-2683691838
                                                                                                                                                                                                  • Opcode ID: 059499308c5bb68ea7ea1d7765c4d76891fc1f273875bd3ee94a3417d41afd76
                                                                                                                                                                                                  • Instruction ID: b3ef3938043097f24bec76391cb2fb7666a5001f1ec101677ac84a58fc8a74cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 059499308c5bb68ea7ea1d7765c4d76891fc1f273875bd3ee94a3417d41afd76
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3021F821F6974282FA70FBE5E4316FE5258EF84780F440531EE0E67B96DE2EE4544B40
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error$X509_freeX509_new_ex
                                                                                                                                                                                                  • String ID: SSL_CTX_use_certificate_ASN1$ssl\ssl_rsa.c
                                                                                                                                                                                                  • API String ID: 756758628-3637493151
                                                                                                                                                                                                  • Opcode ID: 10637934e328a1f955ddb2a02ef59fd01efde2f38e8984dc48dd6593f5969677
                                                                                                                                                                                                  • Instruction ID: 60e1e1f92d130e7a493db8a2622fddcf495b7fa7b7d796f346876422a9259c0b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10637934e328a1f955ddb2a02ef59fd01efde2f38e8984dc48dd6593f5969677
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1421D322B2864182EBA0E7E4F4616EDA359EF88780F841031FE0E53BA6DE3DD545C741
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • OPENSSL_sk_dup.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F922B
                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F9244
                                                                                                                                                                                                  • OPENSSL_sk_value.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F9255
                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F9270
                                                                                                                                                                                                  • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F927C
                                                                                                                                                                                                  • OPENSSL_sk_value.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F9299
                                                                                                                                                                                                  • OPENSSL_sk_unshift.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F92BF
                                                                                                                                                                                                  • OPENSSL_sk_dup.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F92D1
                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F92E1
                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F92ED
                                                                                                                                                                                                  • OPENSSL_sk_set_cmp_func.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F92FF
                                                                                                                                                                                                  • OPENSSL_sk_free.LIBCRYPTO-3-X64(?,?,00000000,00007FFD937F56A4), ref: 00007FFD937F930F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_freeL_sk_num$L_sk_dupL_sk_value$L_sk_set_cmp_funcL_sk_unshift
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9381BBDE), ref: 00007FFD9381E19A
                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9381BBDE), ref: 00007FFD9381E1DE
                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9381BBDE), ref: 00007FFD9381E235
                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9381BBDE), ref: 00007FFD9381E28E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                  • String ID: %s, Length=%d$UNKNOWN$Unsupported, hex dump follows:$message_seq=%d, fragment_offset=%d, fragment_length=%d
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFD9381E050,?,?,?,?,?,?,00007FFD9381C238), ref: 00007FFD9381D426
                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFD9381E050,?,?,?,?,?,?,00007FFD9381C238), ref: 00007FFD9381D47A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                  • String ID: <EMPTY>$UNKNOWN$client_verify_data$extension_type=%s(%d), length=%d$server_verify_data
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_cleanse$R_newR_set_debugmemcpy
                                                                                                                                                                                                  • String ID: CLIENT_TRAFFIC_SECRET_N$SERVER_TRAFFIC_SECRET_N$ssl\tls13_enc.c$tls13_update_key$traffic upd
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                  • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                  • API String ID: 3975851968-2863640275
                                                                                                                                                                                                  • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                  • Instruction ID: 4f69cfafea3f31140debda11bb921e65f5f9548f89e8c472e1d446051a40ad59
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B021D821B08A4281FB65BB7AB945179F250FF98B90F984334DE2D433E5DEACD951C220
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_valueX509_get0_pubkeyX509_get_signature_infoY_get_security_bits
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3450173604-0
                                                                                                                                                                                                  • Opcode ID: a4c788c27053d11e0a62f7aafc82339944bb1ea1a8b002ee24fa9e1bdb4908ee
                                                                                                                                                                                                  • Instruction ID: f98b438904eb0b536cbd3595fa31dd4e2435b7fbcac26e08ab2cde38ffad7ec5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4c788c27053d11e0a62f7aafc82339944bb1ea1a8b002ee24fa9e1bdb4908ee
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E51FD62F1D28246FAB4AFD565217BA5288BF85784F044035EDCEB7B86EF3DD8458700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3-X64 ref: 00007FFD9381D0CE
                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3-X64 ref: 00007FFD9381D0E2
                                                                                                                                                                                                    • Part of subcall function 00007FFD9381E770: BIO_printf.LIBCRYPTO-3-X64(?,00007FFD9381BC8A), ref: 00007FFD9381E7B4
                                                                                                                                                                                                    • Part of subcall function 00007FFD9381E770: BIO_printf.LIBCRYPTO-3-X64(?,00007FFD9381BC8A), ref: 00007FFD9381E7CF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_printf$O_indent
                                                                                                                                                                                                  • String ID: EncryptedPreMasterSecret$GOST-wrapped PreMasterSecret$GostKeyTransportBlob$KeyExchangeAlgorithm=%s$dh_Yc$ecdh_Yc$psk_identity
                                                                                                                                                                                                  • API String ID: 1715996925-113291103
                                                                                                                                                                                                  • Opcode ID: 29f18fb8de4eb93a032217d02dd9c7cdcdd90d6d864b0856ab316d32cd1bb8e0
                                                                                                                                                                                                  • Instruction ID: aa9c3594444f6aba6ba791645e8d28587a2a32463a7843641fe8a8852422a0bb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29f18fb8de4eb93a032217d02dd9c7cdcdd90d6d864b0856ab316d32cd1bb8e0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D261C722F0D68252EA748BD5A4292BAB65ABF85790F480532DEAD277D5DF3DE508C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\ssl_lib.c$ssl_read_internal
                                                                                                                                                                                                  • API String ID: 1552677711-1440697101
                                                                                                                                                                                                  • Opcode ID: 52339e3add52fc98e8bfda3caed5b811bccd81d847fd49a71f9087f687467f08
                                                                                                                                                                                                  • Instruction ID: d65eb9025f383a6ba652573bce12b44640e6321e4eaf19d98f8fec2d5ae0db34
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52339e3add52fc98e8bfda3caed5b811bccd81d847fd49a71f9087f687467f08
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8131B231B1974181E770DB94E4612EA7368EF84B84F540131EE4D637A5CF3EE986CB00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_puts$O_printf
                                                                                                                                                                                                  • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                                  • API String ID: 4098839300-1878088908
                                                                                                                                                                                                  • Opcode ID: 40fa0228834cc1f10fad1968df561ba7cdab14b531c89cf9df5dfe296212a344
                                                                                                                                                                                                  • Instruction ID: b7fbbe450871b86ad4c8e9467dafcfb03b4faca89439e717134a31ec9162a87e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40fa0228834cc1f10fad1968df561ba7cdab14b531c89cf9df5dfe296212a344
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB31A025F1868285FB749BD6E924379A3A9FF44780F488031EE1D63695DFAEE454C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_freeO_new
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4227620691-0
                                                                                                                                                                                                  • Opcode ID: a4bfcbcce6fa5284064760e55c1a917b8712b8d04be25b01f8089338e1ba0a28
                                                                                                                                                                                                  • Instruction ID: 8af5225b9abd486c2b38b40746ee8e7d3aaf4000283b7351f2019753c1af6b73
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4bfcbcce6fa5284064760e55c1a917b8712b8d04be25b01f8089338e1ba0a28
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC218D11B2E75680F974B7E2547167962986F86BC4F4400B4EE0E27BA6EF2EF4024300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF7923F3CBB), ref: 00007FF7923F88F4
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7923F3CBB), ref: 00007FF7923F88FA
                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00007FF7923F3CBB), ref: 00007FF7923F893C
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8A20: GetEnvironmentVariableW.KERNEL32(00007FF7923F388E), ref: 00007FF7923F8A57
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7923F8A79
                                                                                                                                                                                                    • Part of subcall function 00007FF7924082A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7924082C1
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F2810: MessageBoxW.USER32 ref: 00007FF7923F28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                  • API String ID: 3563477958-1339014028
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_construct_client_certificate
                                                                                                                                                                                                  • API String ID: 193678381-1158595938
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                  • String ID: TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify$get_cert_verify_tbs_data$ssl\statem\statem_lib.c
                                                                                                                                                                                                  • API String ID: 152836652-1642080044
                                                                                                                                                                                                  • Opcode ID: 78453649750ab6aca629364f76008e5d8ae961dc0931f3cb0e5c0bf6c96fda20
                                                                                                                                                                                                  • Instruction ID: d01affb622c6b6cb0c96a71384743c9c9a50c4c41d9af2cf070f8fe1894ff00f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78453649750ab6aca629364f76008e5d8ae961dc0931f3cb0e5c0bf6c96fda20
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B41E422B08792C2E770CFA4D4606BC7764FB99B84F445132EA8CA3E91DF2EE195C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_early_data
                                                                                                                                                                                                  • API String ID: 193678381-3720901860
                                                                                                                                                                                                  • Opcode ID: 33b47618ebe696434f14cc50c59428737ea6b8979d632d4b1d97e53e498d2e43
                                                                                                                                                                                                  • Instruction ID: 97648cca462d8974004f99815797128cd37b8d3751f95e269a2a27a09ded41c6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33b47618ebe696434f14cc50c59428737ea6b8979d632d4b1d97e53e498d2e43
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF31AD61B1924241F7799BE4D8763F836A9EB84340F944032D90D277D2EF3EA685C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                  • String ID: SSL_CTX_set_cipher_list$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1603723057-2435423952
                                                                                                                                                                                                  • Opcode ID: eac3a59684c6584765153840b0884e93148cc79bf21a411d675734a5f360f565
                                                                                                                                                                                                  • Instruction ID: b3918171f658adcdde9bb674870fae459a3a8f05a9734da7cf1789878cb46f7c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: eac3a59684c6584765153840b0884e93148cc79bf21a411d675734a5f360f565
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1421F522B1874183E7209B98E4202E963A9FF88784F640031EF0C57BA6DF3ED5468744
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SSL_CTX_check_private_key$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1552677711-1244179024
                                                                                                                                                                                                  • Opcode ID: 367884769e0be158fe2d6c70ef48e05a3997c46c5ea395472e5d88843c561abf
                                                                                                                                                                                                  • Instruction ID: de3b44f6aadd073989128eadad3b72fc8f5fd9de4e060021529fafaf0b22074b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 367884769e0be158fe2d6c70ef48e05a3997c46c5ea395472e5d88843c561abf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9201D228F5A74281FA70E7E4D8722F82359BF84381FE44031D80D237E1DE2EE60A9342
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                  • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                  • Instruction ID: 5633734dc52ec931a2e6f866b203558d46406d7ee38c7d7b9891fa27dbea4820
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8D16D22A087418AFB30BB35B4463EDA7A0FB59788F90017EEE8D57B95DF78E441C611
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF79240F11A,?,?,-00000018,00007FF79240ADC3,?,?,?,00007FF79240ACBA,?,?,?,00007FF792405FAE), ref: 00007FF79240EEFC
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF79240F11A,?,?,-00000018,00007FF79240ADC3,?,?,?,00007FF79240ACBA,?,?,?,00007FF792405FAE), ref: 00007FF79240EF08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                  • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction ID: 862dc3a609f027374394eddf39368bb526ff0cb6c1891ba14bd9572b4251ed44
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B411321B1961641FB35FB36A804575B2A1BF48B90FC84139DD1D477A4EEBCEC95C360
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2C9E
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7923F3706,?,00007FF7923F3804), ref: 00007FF7923F2D63
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF7923F2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$ErrorLast
                                                                                                                                                                                                  • String ID: ssl3_write_pending$ssl\record\rec_layer_s3.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$L_sk_num
                                                                                                                                                                                                  • String ID: ssl\statem\extensions.c$tls_construct_certificate_authorities
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_server13_write_transition$ossl_statem_server_write_transition$ssl\statem\statem_srvr.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                  • String ID: ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$X_copy_ex
                                                                                                                                                                                                  • String ID: ssl\statem\statem_lib.c$tls13_restore_handshake_digest_for_pha
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                                                                                                                                  • String ID: SSL_CTX_set0_tmp_dh_pkey$ssl\ssl_lib.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$O_new$O_s_connect
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memcpy.VCRUNTIME140 ref: 00007FFD9384C397
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_CIPHER_CTX_get0_cipher.LIBCRYPTO-3-X64 ref: 00007FFD9384AF96
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_CIPHER_get_flags.LIBCRYPTO-3-X64 ref: 00007FFD9384AF9E
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_MD_CTX_get0_md.LIBCRYPTO-3-X64 ref: 00007FFD9384AFB0
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_MD_get_size.LIBCRYPTO-3-X64 ref: 00007FFD9384AFB8
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_CIPHER_CTX_get0_cipher.LIBCRYPTO-3-X64 ref: 00007FFD9384AFD1
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_CIPHER_get_mode.LIBCRYPTO-3-X64 ref: 00007FFD9384AFD9
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: EVP_CIPHER_CTX_get_block_size.LIBCRYPTO-3-X64 ref: 00007FFD9384AFEA
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E1294: BIO_ctrl.LIBCRYPTO-3-X64 ref: 00007FFD9384B064
                                                                                                                                                                                                  • BIO_ctrl.LIBCRYPTO-3-X64 ref: 00007FFD9384C4C7
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9384C513
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD9384C52B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrlX_get0_cipher$D_get_sizeR_get_flagsR_get_modeR_newR_set_debugX_get0_mdX_get_block_sizememcpy
                                                                                                                                                                                                  • String ID: dtls1_retransmit_message$ssl\statem\statem_dtls.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDBD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDCB
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDDF5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDE63
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF7923FDFEA,?,?,?,00007FF7923FDCDC,?,?,?,00007FF7923FD8D9), ref: 00007FF7923FDE6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_status_request
                                                                                                                                                                                                  • API String ID: 193678381-2442042057
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7923F351A,?,00000000,00007FF7923F3F23), ref: 00007FF7923F2AA0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-2900015858
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_process_initial_server_flight
                                                                                                                                                                                                  • API String ID: 193678381-2981156782
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFD93802D27), ref: 00007FFD93808130
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFD93802D27), ref: 00007FFD93808148
                                                                                                                                                                                                  • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFD93802D27), ref: 00007FFD93808159
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\ssl_lib.c$ssl_peek_internal
                                                                                                                                                                                                  • API String ID: 1552677711-1951520329
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                  • String ID: ssl\ssl_mcnf.c$ssl_do_config
                                                                                                                                                                                                  • API String ID: 4067701900-3748000247
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: final_ems$ssl\statem\extensions.c
                                                                                                                                                                                                  • API String ID: 193678381-224909566
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                  • String ID: SSL_set_session_id_context$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1331007688-832255996
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7923F9216), ref: 00007FF7923F8592
                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F85E9
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7923F45E4,00000000,00007FF7923F1985), ref: 00007FF7923F9439
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F8678
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F86E4
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F86F5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7923F9216), ref: 00007FF7923F870A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3462794448-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_num$L_sk_freeL_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetCurrentProcess.KERNEL32 ref: 00007FF7923F8780
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: OpenProcessToken.ADVAPI32 ref: 00007FF7923F8793
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetTokenInformation.ADVAPI32 ref: 00007FF7923F87B8
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetLastError.KERNEL32 ref: 00007FF7923F87C2
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: GetTokenInformation.ADVAPI32 ref: 00007FF7923F8802
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7923F881E
                                                                                                                                                                                                    • Part of subcall function 00007FF7923F8760: CloseHandle.KERNEL32 ref: 00007FF7923F8836
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF7923F3C55), ref: 00007FF7923F916C
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF7923F3C55), ref: 00007FF7923F9175
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B347
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B37D
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3AA
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3BB
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3CC
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF792404F81,?,?,?,?,00007FF79240A4FA,?,?,?,?,00007FF7924071FF), ref: 00007FF79240B3E7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BIO_indent.LIBCRYPTO-3-X64(?,00000000,0000004D,00007FFD9381F16D,?,?,?,?,?,?,?,00007FFD9381E3EF), ref: 00007FFD9381F2F2
                                                                                                                                                                                                  • BIO_printf.LIBCRYPTO-3-X64(?,00000000,0000004D,00007FFD9381F16D,?,?,?,?,?,?,?,00007FFD9381E3EF), ref: 00007FFD9381F32B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                  • String ID: Signature$Signature Algorithm: %s (0x%04x)$UNKNOWN
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7923F1B6A), ref: 00007FF7923F295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7923F918F,?,00007FF7923F3C55), ref: 00007FF7923F2BA0
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF7923F2C2A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentMessageProcess
                                                                                                                                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 1672936522-3797743490
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7923F1B99), ref: 00007FF7923F2760
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-1591803126
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$R_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_srvr.c$tls_parse_ctos_sig_algs
                                                                                                                                                                                                  • API String ID: 476316267-1893274837
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_indentO_printf
                                                                                                                                                                                                  • String ID: %s=0x%x (%s)$cookie$server_version
                                                                                                                                                                                                  • API String ID: 1860387303-2821402668
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SSL_set_ct_validation_callback$ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 1552677711-817956355
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrlR_newR_set_debug
                                                                                                                                                                                                  • String ID: dtls1_check_timeout_num$ssl\d1_lib.c
                                                                                                                                                                                                  • API String ID: 2442628283-4185249889
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: pqueue_new$ssl\pqueue.c
                                                                                                                                                                                                  • API String ID: 1552677711-1056340099
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl3_ctrl$ssl\s3_lib.c
                                                                                                                                                                                                  • API String ID: 1552677711-3530330221
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: SSL_CTX_use_PrivateKey$ssl\ssl_rsa.c
                                                                                                                                                                                                  • API String ID: 1552677711-2258079080
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                  • API String ID: 1552677711-1780904596
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                  • String ID: ssl\ssl_lib.c$ssl_bad_method
                                                                                                                                                                                                  • API String ID: 1552677711-2610379041
                                                                                                                                                                                                  • Opcode ID: 95ed5a04d78eb1e06bd07b3d7244c5775300feedaa536b019c5408fc23535382
                                                                                                                                                                                                  • Instruction ID: 7a2ebe746ac6a953ee96db8314265ce3f88e4f5b4acdbf896d22dfd29ce43507
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95ed5a04d78eb1e06bd07b3d7244c5775300feedaa536b019c5408fc23535382
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DE0EC14F6924296F3B0B3E0D8325F95219AF54341FE04071E80D62AE2DE6EA6499681
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction ID: 5a6723c8a5c6f84f4e68e092b599d00288e1212fe19db5f97075fe9291dcca2a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7111F672F5CA1201FE78B134E457375B1447F79364FA84634EA6E066F78EACAD41C124
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B41F
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B43E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B466
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B477
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79240A613,?,?,00000000,00007FF79240A8AE,?,?,?,?,?,00007FF79240A83A), ref: 00007FF79240B488
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                  • Instruction ID: 49b6b29849d0e3af69fdebbd654c56c01a97a18584bf84245377beace94e295e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D115920F8860241FB79B3326651579F1625FA47B0F888334E92E466F6DEACFD81C620
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                  • Instruction ID: c0aca2957c3a3f170e21c7a2bd236481af1e18e8ec8a013d9037d81b885b85ee
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B110320F8820781FB7DB232541267EA1624F59720FD84738D93E4A2F2DDECBC81C625
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                  • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                  • Instruction ID: 6522134c74dd09fd3d9aac4432463780a36a85d8eb8ff601b1571d7a61ac3dcb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9691CD22A88A4681F771BE34D45077DB3B1AF44B94F844136DA8A4E3E5DEBCEC85C321
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                  • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                  • Instruction ID: 91e2c0ae1d05cca3805638396783b905305ae31ada5740d96e6a15b2b8d9a4dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4819D32E8C24285F7747E358110278B6B0AF11B48FD78035DA0E876AADFADAD85D761
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                  • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                  • Instruction ID: 10c1d5a34b1974fd77a231f34af92ee4a9272c3616a060722102cc9e79440ef1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3651A032B196468AFF24BF25E049AB8B791EB44B98F90417CDA4E47748DFBDE841C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                  • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                  • Instruction ID: 8a4a8950bfd0ca9cd05805efe48693e234c5dfe9f69ae8e48975ddf4d2840c04
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62518F32A0828286FF74BE31A0452A8B6A0FB54B94F9441BEDE5D477D5CFBCE450C711
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                  • Instruction ID: db8936a91fb8736d2833d40076aaefaa08bb25cf6a4ba320d99360f81356ec15
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2617E32908B8581FB70AB25F4413EAB7A0FB94B84F444229EE9D07B95DFBCD191CB10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_client13_write_transition$ssl\statem\statem_clnt.c
                                                                                                                                                                                                  • API String ID: 193678381-1511665306
                                                                                                                                                                                                  • Opcode ID: de88b22f069e613d043fcf16322c2b1f289870993783156bf15d667e21681cdc
                                                                                                                                                                                                  • Instruction ID: 75ecc3a3864777791d695bbf678e00962458152c49d12217f09898ac89e39710
                                                                                                                                                                                                  • Opcode Fuzzy Hash: de88b22f069e613d043fcf16322c2b1f289870993783156bf15d667e21681cdc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF02421F1914287E320E7E4E8B5AF86319AF48348F048431ED0ED7AA2DA2DD297C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_server13_write_transition$ssl\statem\statem_srvr.c
                                                                                                                                                                                                  • API String ID: 193678381-666064840
                                                                                                                                                                                                  • Opcode ID: 0928d28e1b89bbef44c86d87d9bbf68a23217b9c03443abc5368a82f328b8018
                                                                                                                                                                                                  • Instruction ID: 690bd290462e1eea32ac4b50c5010fb82f235d953e48199a2848b610e010eabe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0928d28e1b89bbef44c86d87d9bbf68a23217b9c03443abc5368a82f328b8018
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47019EA3F19182C3E72093D0FCBA7AF2764DB25394F8A4031D90CA23A2EA5DD5468702
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF7923F352C,?,00000000,00007FF7923F3F23), ref: 00007FF7923F7F22
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                  • Opcode ID: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                  • Instruction ID: 211e285e782a8d6a35bcecb129da8eac2d0fbf4deca12ca85fe0f93fee71639b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B31CE21719AC145FE31BB31F8117EAB254AB94BE0F800279EA6D477C9EFACD605C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 2030045667-255084403
                                                                                                                                                                                                  • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                  • Instruction ID: c7bd02efbce9a198c3fef7b6c21f2a10fa79c262e483f3d2b5cdfa04ec44ffde
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6021B162708B4181F720FB25F4457EAB3A0EB88780F804139EA8D5376ADF7CD649C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_etm
                                                                                                                                                                                                  • API String ID: 193678381-2237796182
                                                                                                                                                                                                  • Opcode ID: ef771f3cbf94da2f80881f0df1902dfa196206a466c24f1d2ddbdca429df6a94
                                                                                                                                                                                                  • Instruction ID: 56205f8b4bfa42d2d75d6664a4321e91311f5e9c7fbff7f6644deeb165d8ad70
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef771f3cbf94da2f80881f0df1902dfa196206a466c24f1d2ddbdca429df6a94
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7821C322B0C04152F7B89BE5E5657B92398EF44B84F580131EA0DA7BE1DE2FE895C701
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_cryptopro_bug
                                                                                                                                                                                                  • API String ID: 193678381-731954838
                                                                                                                                                                                                  • Opcode ID: 71a25c2062867e196fc085757353d0296e763157e1033a8981b2638509d9dad9
                                                                                                                                                                                                  • Instruction ID: ab6c8fd72de9904f34a57719b2a93ffd276b95d8b914f8e19eed36d1b20a1f75
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a25c2062867e196fc085757353d0296e763157e1033a8981b2638509d9dad9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79219A72F182418AF724DBE5D9622BD36A9AB44B88F500435EE4E2BB95CF7DD141CB40
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$ssl_next_proto_validate
                                                                                                                                                                                                  • API String ID: 193678381-1427910692
                                                                                                                                                                                                  • Opcode ID: f8d6c8e8bb8856fa455282e1ec66884344eebbd739a7341649a45c3a8d05450e
                                                                                                                                                                                                  • Instruction ID: b494917069bcb276749396b88045ca449afda56f96b9672c562c8e7c93d252fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8d6c8e8bb8856fa455282e1ec66884344eebbd739a7341649a45c3a8d05450e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD119B62F1978581EB759B90E8213B9A354FF54344F445630EA8C52BA2EF2DA6D0C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_npn
                                                                                                                                                                                                  • API String ID: 193678381-1587923133
                                                                                                                                                                                                  • Opcode ID: 61a91c64c01bedcc23cb9495545d200a844dac3d231d4e7383ebde9262780755
                                                                                                                                                                                                  • Instruction ID: 7bac2fa86c6eb45047a950b58e0e0a9503f77977146bc33cab85359df6d72f61
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61a91c64c01bedcc23cb9495545d200a844dac3d231d4e7383ebde9262780755
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C811C112B2814282F7B59796E5657F96258EF84780F484030D90D577E2EF6ED982C300
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_post_handshake_auth
                                                                                                                                                                                                  • API String ID: 0-2821314493
                                                                                                                                                                                                  • Opcode ID: d9886e324820923be84731bab3a845bc93f26b5c429431ab37a34ff38af6b9d0
                                                                                                                                                                                                  • Instruction ID: b3db95567f138ee84f7a6c46b7841f535de6f49a7988e77eabbb6cc429e5a150
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9886e324820923be84731bab3a845bc93f26b5c429431ab37a34ff38af6b9d0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3611A021F1814342F774A792E6657F92259EF887C4F480030EE0C5BBD6EF6EE9858700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_server_pre_work$ssl\statem\statem_srvr.c
                                                                                                                                                                                                  • API String ID: 193678381-3016895475
                                                                                                                                                                                                  • Opcode ID: bad4305f468a68e38d75508c621d50fb4dff16f28b196e02ec69428209a5f463
                                                                                                                                                                                                  • Instruction ID: df83a3ee4de2c978b0210e7728501cd3ea9b9ca4d6518c30ad839f779ceba952
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bad4305f468a68e38d75508c621d50fb4dff16f28b196e02ec69428209a5f463
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6115B62B0578682FB61CFE5C4A47A833A4FB94F88F484075CE0D5B7A1DF6AD885C310
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_sct
                                                                                                                                                                                                  • API String ID: 193678381-3604365430
                                                                                                                                                                                                  • Opcode ID: c551b5dc0b5e16ecb16e76c9706144c51b197ed57e5fe2801b8abfad503ff60d
                                                                                                                                                                                                  • Instruction ID: e997c0f7735bdfcb8dc46bd239b7691710419e39b42fe1f574ee1b6127401d45
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c551b5dc0b5e16ecb16e76c9706144c51b197ed57e5fe2801b8abfad503ff60d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F118622F2814242FB74D7D6F5657FA6254EF84784F844030ED1D677D6EE2DD9518700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FFD93853D70: ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFD9385344E), ref: 00007FFD93853DFE
                                                                                                                                                                                                    • Part of subcall function 00007FFD93853D70: ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFD9385344E), ref: 00007FFD93853E16
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9385348F
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD938534A7
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: construct_stateful_ticket$ssl\statem\statem_srvr.c
                                                                                                                                                                                                  • API String ID: 193678381-2829395815
                                                                                                                                                                                                  • Opcode ID: 46267fa5aa298008cd59a240f13852e670e32edb8590ff7416706c038ee9ed8a
                                                                                                                                                                                                  • Instruction ID: de1ca9d54068d675834c5ad91587e4febe677cc685d4136edd5f2c125a3a1148
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46267fa5aa298008cd59a240f13852e670e32edb8590ff7416706c038ee9ed8a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F017121B1874341F770A7E2F9627F96259AF887C0F440071EE0D67B93EE6DE5848340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_server_process_message$ssl\statem\statem_srvr.c
                                                                                                                                                                                                  • API String ID: 193678381-722880742
                                                                                                                                                                                                  • Opcode ID: df0cf3921cca3db6a81486bcf66a93ab7b54ea8ee73d55e0e86eec0143d665a3
                                                                                                                                                                                                  • Instruction ID: 0a1e3c697461dca1a6af87a6cbe4a536512ec2feca6d1687ed1d5483694075ff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: df0cf3921cca3db6a81486bcf66a93ab7b54ea8ee73d55e0e86eec0143d665a3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35F0F422B1854182E720D7D5E8616F87358AB44748F840431EE0D677E2DE6DE606C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_client_post_process_message$ssl\statem\statem_clnt.c
                                                                                                                                                                                                  • API String ID: 193678381-2148384989
                                                                                                                                                                                                  • Opcode ID: 8acab311d8739e52537a9bf6bc7d3ae5ab401df05e39711562ec302922a8bd8f
                                                                                                                                                                                                  • Instruction ID: faf2652bf0463a58e51c55c86b47f7d9c4f45768ec72c0179fa4858fff418363
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8acab311d8739e52537a9bf6bc7d3ae5ab401df05e39711562ec302922a8bd8f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94F0BE52F0C14282F3B0A7F5ED76AB822589F48360F540130DE1DB6AE5EE2DE9C6C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E109B: OPENSSL_sk_new.LIBCRYPTO-3-X64 ref: 00007FFD9384E5BC
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E109B: ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9384E5CB
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E109B: ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD9384E5E3
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E109B: OPENSSL_sk_pop_free.LIBCRYPTO-3-X64 ref: 00007FFD9384E7BC
                                                                                                                                                                                                    • Part of subcall function 00007FFD937E109B: X509_NAME_free.LIBCRYPTO-3-X64 ref: 00007FFD9384E7C4
                                                                                                                                                                                                  • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFD9382F2A9
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFD9382F2C1
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug$E_freeL_sk_newL_sk_pop_freeX509_
                                                                                                                                                                                                  • String ID: ssl\statem\extensions.c$tls_parse_certificate_authorities
                                                                                                                                                                                                  • API String ID: 1675703442-3887711058
                                                                                                                                                                                                  • Opcode ID: 3ec826050ba19a61705729519e4f541dc2252e3a30a0d8bc1397d71a1a30d28d
                                                                                                                                                                                                  • Instruction ID: 2f2dea47644acff97bd05ed07f30152fcc858014bfea4c709b9f12f5916e2362
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ec826050ba19a61705729519e4f541dc2252e3a30a0d8bc1397d71a1a30d28d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF06821B1824241F7B0D7E5F5657F96258EF44380F444031E90C93AE6DE2DD985C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_newR_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem_clnt.c$tls_process_hello_req
                                                                                                                                                                                                  • API String ID: 193678381-4262324755
                                                                                                                                                                                                  • Opcode ID: 9146e2eaabed538484d2d6059b962fba41c40c9bd64c8d8280068f701bc4fc74
                                                                                                                                                                                                  • Instruction ID: b22dbdd146698c4804b1b0cf372e23cef5f4f905cb27ff4e4cccdd57907be3d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9146e2eaabed538484d2d6059b962fba41c40c9bd64c8d8280068f701bc4fc74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48E08631B1828282F761DBD6F9214E9A31AEFC0380F850072D90D33BA6CE7DF58A8700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                  • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                  • Instruction ID: d063c9296f669999db81bfa753df17ce53d6c2a3bd33bd0e9862f408aac0a441
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25D14432B48A81CAF720EF75D4402AC77B1FB44798B908235DE5D97BA9DE78D846C720
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79240CFBB), ref: 00007FF79240D0EC
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79240CFBB), ref: 00007FF79240D177
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                  • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction ID: 103f944ea6daa8fb5c12afcceeed3ddb625fccaa9fd33800dcbff6e737ed56a0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2491C322F58651C5F770FF75984027DABB0EB48B88F944139DE0E566A5CEB8DC8AC720
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction ID: 12da6a712c69c68438df9662f7c15716ba36000a6aa6559201138beefc545c9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D118C22B14B058AFB10EB70E8442A873A4FB18758F840E30DE2D467A4DFBCE459C350
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: X509_$E_add_lookupP_storeR_pop_to_markR_set_mark
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3476065580-0
                                                                                                                                                                                                  • Opcode ID: 87d6ace3810ce7e66609022a4c6549faa090c64f2903c055814cba156704fdda
                                                                                                                                                                                                  • Instruction ID: 4dbe6dc5f0c749f766919f1ba4031df950b189a3790c1ffea87e1bf1c2ad9f3a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87d6ace3810ce7e66609022a4c6549faa090c64f2903c055814cba156704fdda
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF08162B19B4281EB60ABD5F0617AD63A4EF88BD4F444131FE4C1BB8AEE3DD4458B01
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: X509_$E_add_lookupP_ctrl_exR_pop_to_markR_set_mark
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3663983608-0
                                                                                                                                                                                                  • Opcode ID: a602544fd4c719cb2c62b088519ae6b6a0a722c32b5ed32561fa72287e4fb91d
                                                                                                                                                                                                  • Instruction ID: 4e2a0924a0354dfa8595b2fa6d665d740a6fb3f096175be27fec06bc9c5a8ca2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a602544fd4c719cb2c62b088519ae6b6a0a722c32b5ed32561fa72287e4fb91d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF0F472B19B4181EB20A7D1F0617AD63A4EF48BD4F444170EE4C07B8AEF3DC0458B00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
• Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1312970346-0
                                                                                                                                                                                                  • Opcode ID: 708e0433598b4f187ad16dffabaed02eff713ff906de0aa16ad603ab426d0a86
                                                                                                                                                                                                  • Instruction ID: f1ca570577b492b4616beb3338873a86723412f5aad2c61d50f652d50e06390c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 708e0433598b4f187ad16dffabaed02eff713ff906de0aa16ad603ab426d0a86
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2F0A762F1870141EB60ABE6F5A22BC6398AF88BC4F444071FE0D577A7EE2CD5454700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
• Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_new$L_sk_new_nullL_sk_push
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1838660387-0
                                                                                                                                                                                                  • Opcode ID: 64e1a0c9eeb3e2ccb186116d3e6c2ca078666f2b9f6e2f0de69bde2aa74c7626
                                                                                                                                                                                                  • Instruction ID: fedc73b51115f713488a0c9cdddfd828f0ffcdd088ec2124900a42b75d7bd3fc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64e1a0c9eeb3e2ccb186116d3e6c2ca078666f2b9f6e2f0de69bde2aa74c7626
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86E06520F2D74380FEB467E592603B9A2898F50784F084430DC5D2ABE6ED3EF4808315
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                  • Opcode ID: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
                                                                                                                                                                                                  • Instruction ID: c0c000c45223372383c5bd55894fe8a2f8e37918e848a5547fb92121ff955f7f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC41EA12B1868145F734FB35A4413B9F660EBA0BA4F644235EE5D06AF6EEBCD841C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7924090B6
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: HeapFree.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF79240A9B8: GetLastError.KERNEL32(?,?,?,00007FF792412D92,?,?,?,00007FF792412DCF,?,?,00000000,00007FF792413295,?,?,?,00007FF7924131C7), ref: 00007FF79240A9D8
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7923FCC15), ref: 00007FF7924090D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\MacAttack.exe
                                                                                                                                                                                                  • API String ID: 3580290477-4135087033
                                                                                                                                                                                                  • Opcode ID: 2cf9991d5cc0f55d4af5251d222b056ff2fa25707e1fd1ed9fb4097698885552
                                                                                                                                                                                                  • Instruction ID: 9b1c53d5235bdce468934e1a1e26315ff3534129861389bf7f945c0824b3eebb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cf9991d5cc0f55d4af5251d222b056ff2fa25707e1fd1ed9fb4097698885552
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7418D32A48A1285FB25FF35A5500B8B3A4FB44BC0B954035EA4E47BA5CFBCEC85C360
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction ID: 5014891180b3adb7d425c407ffd7aad5868a9356d80c1d08df41045b639a7b53
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78418222B58A4585EB20FF35E4443A9B760FB98794F944035EE4D877A8EF7CD841C750
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
• Associated: 00000002.00000002.2300219642.00007FF7923F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300282046.00007FF79241B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF79242E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300311641.00007FF792431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2300367995.00007FF792467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                  • Opcode ID: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                  • Instruction ID: 9f970fe717d7697a5d87db196b971452a75ed56625f1886c783567fbd4e74eda
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC21B122B0828182FB30FB21D04426DB3B1FB84B44FD64435DA8D436A5DFBCED86CA60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: M_construct_endM_construct_utf8_string
                                                                                                                                                                                                  • String ID: digest
                                                                                                                                                                                                  • API String ID: 377494685-219324594
                                                                                                                                                                                                  • Opcode ID: 78067715c8224a4c785da813273b6b21c9a8568e2f917c2d5cb244a3787752b8
                                                                                                                                                                                                  • Instruction ID: 93dcfd5aed38f8a12a49506d2d1cc7fd4212796f2c89b799e573e2f8812b908b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78067715c8224a4c785da813273b6b21c9a8568e2f917c2d5cb244a3787752b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C21A362B08B8981E3318BA5E5113EDA368FB95BC4F548231EE8D67756DF39E285C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction ID: 2c3b3c5194baa763e0d7a3768b513d13a82a9026f11fa922f38900a73c8e9ae3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84115132608B8182FB20AF25F440259B7E0FB98B84F584239DE8D077A9EF7CC551C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2300245712.00007FF7923F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7923F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff7923f0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                  • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction ID: f1603c6e6f742e3488ee968fb40b911afd97e492c17d6641f8a8d71072d5f696
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB017122B1D60285F730FF70A46627EB2A0EF58744FD01435D95D426A2DFACE944CA24
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: M_construct_endM_construct_octet_string
                                                                                                                                                                                                  • String ID: ssl3-ms
                                                                                                                                                                                                  • API String ID: 587842064-1523337083
                                                                                                                                                                                                  • Opcode ID: ceca6bf21839f4b0a31d5254548593d6f81f5b79abc9799475e8ca145acfce2b
                                                                                                                                                                                                  • Instruction ID: c5b2e59f465af972bca03fcfe83a0746efb3e6ffdf20a923a9dd19783df15e87
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ceca6bf21839f4b0a31d5254548593d6f81f5b79abc9799475e8ca145acfce2b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED011A52D08F8982E322CF78C5111A87764FBA9B4CB55A321EA8C26116EF28E2D5C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFD9383FB45), ref: 00007FFD938401A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                  • API String ID: 488089507-3145639028
                                                                                                                                                                                                  • Opcode ID: b4c5ecda930d2209b47cc95ea39c8b690cfbdaa55b708c63a50ac152083a2f68
                                                                                                                                                                                                  • Instruction ID: aa2b55ac7907d802a1d9245afbe2a36b245d408dec0c4231a6ff55f24fcdd756
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4c5ecda930d2209b47cc95ea39c8b690cfbdaa55b708c63a50ac152083a2f68
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECF0272331C6C186E7A3DBA1E4266E83725FB45B84F490073CE4823A52CE3EC587D341
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFD9383FB45), ref: 00007FFD938401A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_set_debug
                                                                                                                                                                                                  • String ID: ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                  • API String ID: 488089507-3145639028
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2303386629.00007FFD937E1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFD937E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303355579.00007FFD937E0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303386629.00007FFD93863000.00000020.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303477097.00007FFD93865000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303512890.00007FFD9388D000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93892000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD93898000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2303561522.00007FFD938A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd937e0000_MacAttack.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_set_debug
                                                                                                                                                                                                  • String ID: ossl_statem_client13_write_transition$ssl\statem\statem_clnt.c
                                                                                                                                                                                                  • API String ID: 488089507-1511665306