Windows Analysis Report
7zip.exe

Overview

General Information

Sample name: 7zip.exe
Analysis ID: 1579706
MD5: b47280043c7baa8a5defa1b1f40ceac6
SHA1: 8357dcd88c30fc27c8d495d411f043b4b39ca091
SHA256: 1719052a18c211d86e49577812373375a2e2c21e6d8bfefe008b8451acbec182
Tags: exe, user-4k95m
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 7zip.exe (PID: 984 cmdline: "C:\Users\user\Desktop\7zip.exe" MD5: B47280043C7BAA8A5DEFA1B1F40CEAC6)
    • conhost.exe (PID: 5884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 7zip.exe (PID: 5268 cmdline: "C:\Users\user\Desktop\7zip.exe" MD5: B47280043C7BAA8A5DEFA1B1F40CEAC6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 7zip.exe Virustotal: Detection: 11%
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 7zip.exe, 00000000.00000003.2064490374.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 7zip.exe, 00000003.00000002.2098096710.00007FF8A8AF2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 7zip.exe, 00000003.00000002.2102312697.00007FF8B93D1000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7zip.exe, 00000000.00000003.2064330120.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 7zip.exe, 00000000.00000003.2064330120.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 7zip.exe, 00000000.00000003.2064490374.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140_1.dll.0.dr
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B7968840 FindFirstFileExW,FindClose,0_2_00007FF6B7968840
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B7967800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6B7967800
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B7982AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6B7982AE4
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B7968840 FindFirstFileExW,FindClose,3_2_00007FF6B7968840
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B7967800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF6B7967800
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B7982AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6B7982AE4
Source: 7zip.exe, 00000003.00000002.2097010800.000001F48F0C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: dhttps://www.youtube.com/watch?v=xvFZjo5PgG0 equals www.youtube.com (Youtube)
Source: 7zip.exe, 00000003.00000002.2097010800.000001F48F0C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=xvFZjo5PgG0 equals www.youtube.com (Youtube)
Source: 7zip.exe, 00000003.00000003.2087747720.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087341515.000001F48EEA6000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087341515.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087984841.000001F48EEAB000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087644615.000001F48EF38000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086692991.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2085997887.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086879616.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2090105271.000001F48EDB5000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2089932151.000001F48EDA7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2088016859.000001F48EF6F000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087506432.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000002.2106433732.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000002.2106433732.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000002.2106433732.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201140000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: unicodedata.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 7zip.exe, 00000003.00000003.2087747720.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086692991.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2085997887.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086879616.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2090105271.000001F48EDB5000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2089932151.000001F48EDA7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2088016859.000001F48EF6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: 7zip.exe, 00000003.00000003.2087747720.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087341515.000001F48EEA6000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087984841.000001F48EEAB000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086692991.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2085997887.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086879616.000001F48EF64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: 7zip.exe, 00000003.00000003.2087341515.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087644615.000001F48EF38000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087506432.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: 7zip.exe, 00000003.00000003.2087747720.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2097010800.000001F48F1A0000.00000004.00001000.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2088067064.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087341515.000001F48EEA6000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087341515.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2092205596.000001F48EEBC000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2097010800.000001F48F16C000.00000004.00001000.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2096639872.000001F48EEF8000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087984841.000001F48EEAB000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086692991.000001F48EF6C000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2085997887.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2091432986.000001F48EEB7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2096534399.000001F48EEBE000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2086879616.000001F48EF64000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2097010800.000001F48F0C0000.00000004.00001000.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2097010800.000001F48F18C000.00000004.00001000.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2091651603.000001F48EEBA000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2096778652.000001F48EFA0000.00000004.00001000.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2089932151.000001F48EDA7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087506432.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 
00000003.00000003.2087816395.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068284267.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2066878790.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000000.00000003.2068971369.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: 7zip.exe, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: 7zip.exe, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: 7zip.exe, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr | String found in binary or memory: http://ocsp.digicert.com0X
Source: 7zip.exe | String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: 7zip.exe | String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: 7zip.exe | String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: 7zip.exe | String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: 7zip.exe | String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: 7zip.exe, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: 7zip.exe | String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: 7zip.exe | String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: 7zip.exe | String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: 7zip.exe | String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: 7zip.exe | String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: 7zip.exe | String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: 7zip.exe | String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de16031
Source: 7zip.exe | String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: 7zip.exe | String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: 7zip.exe | String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: 7zip.exe | String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: 7zip.exe | String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: 7zip.exe | String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPz
Source: base_library.zip.0.dr | String found in binary or memory: https://peps.python.org/pep-0205/
Source: 7zip.exe, python312.dll.0.dr | String found in binary or memory: https://peps.python.org/pep-0263/
Source: 7zip.exe | String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: 7zip.exe | String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-errorp
Source: 7zip.exe | String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: 7zip.exe | String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: 7zip.exe | String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: libcrypto-3.dll.0.dr | String found in binary or memory: https://www.openssl.org/H
Source: 7zip.exe, base_library.zip.0.dr | String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: 7zip.exe, python312.dll.0.dr | String found in binary or memory: https://www.python.org/psf/license/
Source: 7zip.exe, python312.dll.0.dr | String found in binary or memory: https://www.python.org/psf/license/)
Source: 7zip.exe | String found in binary or memory: https://www.youtube.com/watch?v=xvFZjo5PgG0
Source: C:\Users\user\Desktop\7zip.exe | Code function: String function: 00007FF6B7962020 appears 34 times
Source: C:\Users\user\Desktop\7zip.exe | Code function: String function: 00007FF6B7961E50 appears 106 times
Source: unicodedata.pyd.0.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 7zip.exe, 00000000.00000003.2065015277.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_decimal.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2064490374.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_wmi.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2064330120.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dllT vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_lzma.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameunicodedata.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameselect.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2064784141.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_ctypes.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_bz2.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_socket.pyd. vs 7zip.exe
Source: 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename_hashlib.pyd. vs 7zip.exe
Source: 7zip.exe | Binary or memory string: OriginalFilename vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2102349809.00007FF8B93DE000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilename_ctypes.pyd. vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp | Binary or memory string: OriginalFilename_wmi.pyd. vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp | Binary or memory string: OriginalFilename_lzma.pyd. vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2099341884.00007FF8A8D92000.00000002.00000001.01000000.00000004.sdmp | Binary or memory string: OriginalFilenamepython312.dll. vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: OriginalFilename_bz2.pyd. vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dllT vs 7zip.exe
Source: 7zip.exe, 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp | Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs 7zip.exe
Source: classification engine | Classification label: mal52.winEXE@4/57@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5884:120:WilError_03
Source: C:\Users\user\Desktop\7zip.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI9842
Source: C:\Users\user\Desktop\7zip.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 7zip.exeVirustotal: Detection: 11%
Source: C:\Users\user\Desktop\7zip.exeFile read: C:\Users\user\Desktop\7zip.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\7zip.exe "C:\Users\user\Desktop\7zip.exe"
Source: C:\Users\user\Desktop\7zip.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\7zip.exeProcess created: C:\Users\user\Desktop\7zip.exe "C:\Users\user\Desktop\7zip.exe"
Source: C:\Users\user\Desktop\7zip.exeProcess created: C:\Users\user\Desktop\7zip.exe "C:\Users\user\Desktop\7zip.exe"Jump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Desktop\7zip.exeSection loaded: kernel.appcore.dllJump to behavior
Source: 7zip.exeStatic file information: File size 8777256 > 1048576
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 7zip.exe, 00000000.00000003.2064490374.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 7zip.exe, 00000000.00000003.2070594924.000001B201133000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 7zip.exe, 00000003.00000002.2098096710.00007FF8A8AF2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 7zip.exe, 00000000.00000003.2071613476.000001B201133000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 7zip.exe, 00000003.00000002.2102312697.00007FF8B93D1000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 7zip.exe, 00000000.00000003.2065216121.000001B201133000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 7zip.exe, 00000000.00000003.2065348396.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 7zip.exe, 00000000.00000003.2064602365.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7zip.exe, 00000000.00000003.2064330120.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 7zip.exe, 00000000.00000003.2064330120.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 7zip.exe, 00000000.00000003.2065514037.000001B201133000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 7zip.exe, 00000000.00000003.2065628266.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 7zip.exe, 00000000.00000003.2064490374.000001B201133000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140_1.dll.0.dr
Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF8B8B2D4FF push rcx; iretd 3_2_00007FF8B8B2D4F5
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF8B8B2D4C4 push rcx; iretd 3_2_00007FF8B8B2D4F5

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\7zip.exeProcess created: "C:\Users\user\Desktop\7zip.exe"
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\select.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeCode function: 0_2_00007FF6B7964C40 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6B7964C40
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\select.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\7zip.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18434
Source: C:\Users\user\Desktop\7zip.exeAPI coverage: 1.2 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\7zip.exeCode function: 0_2_00007FF6B7968840 FindFirstFileExW,FindClose,0_2_00007FF6B7968840
Source: C:\Users\user\Desktop\7zip.exeCode function: 0_2_00007FF6B7967800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6B7967800
Source: C:\Users\user\Desktop\7zip.exeCode function: 0_2_00007FF6B7982AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6B7982AE4
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF6B7968840 FindFirstFileExW,FindClose,3_2_00007FF6B7968840
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF6B7967800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF6B7967800
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF6B7982AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6B7982AE4
Source: C:\Users\user\Desktop\7zip.exeCode function: 3_2_00007FF8B93D0100 GetSystemInfo,VirtualAlloc,3_2_00007FF8B93D0100
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B796C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B79846F0 GetProcessHeap
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B796C8A0 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B796BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B797B558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B796C8A0 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B796C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B796BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF6B797B558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7831390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7831960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7841390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7841960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7891390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7891960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78A1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78A1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78B1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78B1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B78C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7FD1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B7FD1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8071390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8071960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8081390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8081960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8791390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8791960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8831390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8831960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8AF1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8AF1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B01390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B01960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B33E1C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8B3385C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8C11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8C11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8CB1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8CB1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8F71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8F71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8F8AB04 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B8F8A0D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B93C6530 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B93C5F9C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B9844628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8B9F70AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8BA4F2BBC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8BA4F309C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8BFAB52F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\7zip.exe Code function: 3_2_00007FF8BFAB4D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\7zip.exe Process created: C:\Users\user\Desktop\7zip.exe "C:\Users\user\Desktop\7zip.exe"
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B798A7E0 cpuid
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842 VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\7zip.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Protocol VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exeQueries volume information: C:\Users\user\Desktop\7zip.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B796C5E0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6B796C5E0
Source: C:\Users\user\Desktop\7zip.exe Code function: 0_2_00007FF6B7986E70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6B7986E70
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Timestomp | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Behavior Graph (ID: 1579706, Sample: 7zip.exe, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 52)

  • Signature: Multi AV Scanner detection for submitted file
  • Process: 7zip.exe started
    • Signature: Found pyInstaller with non standard icon
    • Dropped file: C:\Users\user\AppData\...\unicodedata.pyd, PE32+
    • Dropped file: C:\Users\user\AppData\Local\...\select.pyd, PE32+
    • Dropped file: C:\Users\user\AppData\Local\...\python312.dll, PE32+
    • Dropped: 53 other files (none is malicious)
    • Process: 7zip.exe started
    • Process: conhost.exe started

| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| 7zip.exe | 11% | Virustotal | |
| 7zip.exe | 5% | ReversingLabs | |
| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Math\_modexp.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve25519.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_curve448.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Util\_strxor.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\VCRUNTIME140.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_bz2.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_ctypes.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_decimal.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_hashlib.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_lzma.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_socket.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\_wmi.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\libcrypto-3.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\libffi-8.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\python312.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\select.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI9842\unicodedata.pyd | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    high
                                                                                    https://peps.python.org/pep-0263/7zip.exe, 00000003.00000002.2098096710.00007FF8A8AF2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drfalse
                                                                                      high
                                                                                      http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf7zip.exe, 00000003.00000003.2087341515.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087644615.000001F48EF38000.00000004.00000020.00020000.00000000.sdmp, 7zip.exe, 00000003.00000003.2087506432.000001F48EEF7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename7zip.exe, 00000003.00000002.2094013555.000001F48E940000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          No contacted IP infos
                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                          Analysis ID:1579706
                                                                                          Start date and time:2024-12-23 07:44:45 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 5m 18s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:4
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:7zip.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal52.winEXE@4/57@0/0
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          HCA Information:Failed
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Stop behavior analysis, all processes terminated
                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                          No simulations
                                                                                          No context
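Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | main.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | chos.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | ihost.exe | malicious | Python Stealer, Muck Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | shost.exe | malicious | Python Stealer, Muck Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | lz4wnSavmK.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | WVuXCNNYG0.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | dipwo1iToJ.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | ROh2ijuEpr.exe | malicious | Babuk, Conti
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_Salsa20.pyd | zed.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | main.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | chos.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | ihost.exe | malicious | Python Stealer, Muck Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | shost.exe | malicious | Python Stealer, Muck Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | lz4wnSavmK.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | WVuXCNNYG0.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | dipwo1iToJ.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | ROh2ijuEpr.exe | malicious | Babuk, Conti
C:\Users\user\AppData\Local\Temp\_MEI9842\Crypto\Cipher\_ARC4.pyd | zed.exe | malicious | Unknown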
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):11264
                                                                                                                                  Entropy (8bit):4.640339306680604
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                  MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                  SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                  SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                  SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13824
                                                                                                                                  Entropy (8bit):5.0194545642425075
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                  MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                  SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                  SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                  SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13312
                                                                                                                                  Entropy (8bit):5.037456384995606
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                  MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                  SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                  SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                  SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14336
                                                                                                                                  Entropy (8bit):5.09191874780435
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                  MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                  SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                  SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                  SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):36352
                                                                                                                                  Entropy (8bit):6.541423493519083
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                  MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                  SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                  SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                  SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):15360
                                                                                                                                  Entropy (8bit):5.367749645917753
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                  MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                  SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                  SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                  SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):16384
                                                                                                                                  Entropy (8bit):5.41148259289073
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                  MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                  SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                  SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                  SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):20992
                                                                                                                                  Entropy (8bit):6.041302713678401
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                  MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                  SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                  SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                  SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):24576
                                                                                                                                  Entropy (8bit):6.530656045206549
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                  MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                  SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                  SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                  SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12288
                                                                                                                                  Entropy (8bit):4.7080156150187396
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                  MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                  SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                  SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                  SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12800
                                                                                                                                  Entropy (8bit):5.159963979391524
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                  MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                  SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                  SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                  SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14848
                                                                                                                                  Entropy (8bit):5.270418334522813
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                  MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                  SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                  SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                  SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):56832
                                                                                                                                  Entropy (8bit):4.231032526864278
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                  MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                  SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                  SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                  SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):57344
                                                                                                                                  Entropy (8bit):4.252429732285762
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                  MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                  SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                  SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                  SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):10240
                                                                                                                                  Entropy (8bit):4.690163963718492
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                  MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                  SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                  SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                  SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):22016
                                                                                                                                  Entropy (8bit):6.1215844022564285
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                  MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                  SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                  SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                  SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):17920
                                                                                                                                  Entropy (8bit):5.293810509074883
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                  MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                  SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                  SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                  SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):11776
                                                                                                                                  Entropy (8bit):4.862619033406922
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                  MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                  SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                  SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                  SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14336
                                                                                                                                  Entropy (8bit):5.227045547076371
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                  MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                  SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                  SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                  SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13824
                                                                                                                                  Entropy (8bit):5.176369829782773
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                  MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                  SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                  SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                  SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14336
                                                                                                                                  Entropy (8bit):5.047563322651927
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                  MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                  SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                  SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                  SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13824
                                                                                                                                  Entropy (8bit):5.09893680790018
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                  MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                  SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                  SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                  SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):15360
                                                                                                                                  Entropy (8bit):5.451865349855574
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                  MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                  SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                  SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                  SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13824
                                                                                                                                  Entropy (8bit):5.104245335186531
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                  MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                  SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                  SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                  SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):17920
                                                                                                                                  Entropy (8bit):5.671305741258107
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                  MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                  SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                  SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                  SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):21504
                                                                                                                                  Entropy (8bit):5.878701941774916
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                  MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                  SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                  SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                  SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):21504
                                                                                                                                  Entropy (8bit):5.881781476285865
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                  MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                  SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                  SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                  SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):26624
                                                                                                                                  Entropy (8bit):5.837887867708438
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                  MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                  SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                  SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                  SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):26624
                                                                                                                                  Entropy (8bit):5.895310340516013
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                  MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                  SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                  SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                  SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12800
                                                                                                                                  Entropy (8bit):4.967737129255606
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                  MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                  SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                  SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                  SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):13312
                                                                                                                                  Entropy (8bit):5.007867576025166
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                  MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                  SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                  SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                  SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):15872
                                                                                                                                  Entropy (8bit):5.226023387740053
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                  MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                  SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                  SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                  SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14848
                                                                                                                                  Entropy (8bit):5.262055670423592
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                  MD5:18D2D96980802189B23893820714DA90
                                                                                                                                  SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                  SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                  SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):36352
                                                                                                                                  Entropy (8bit):5.913843738203007
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                  MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                  SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                  SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                  SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12288
                                                                                                                                  Entropy (8bit):4.735350805948923
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                  MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                  SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                  SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                  SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):22528
                                                                                                                                  Entropy (8bit):5.705606408072877
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                  MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                  SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                  SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                  SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):70656
                                                                                                                                  Entropy (8bit):6.0189903352673655
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                  MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                  SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                  SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                  SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):770560
                                                                                                                                  Entropy (8bit):7.613224993327352
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                  MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                  SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                  SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                  SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):26112
                                                                                                                                  Entropy (8bit):5.8551858881598795
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                  MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                  SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                  SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                  SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):84992
                                                                                                                                  Entropy (8bit):6.064677498000638
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                  MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                  SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                  SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                  SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):10240
                                                                                                                                  Entropy (8bit):4.675380950473425
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                  MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                  SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                  SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                  SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):10240
                                                                                                                                  Entropy (8bit):4.625428549874022
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                  MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                  SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                  SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                  SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):119192
                                                                                                                                  Entropy (8bit):6.6016214745004635
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                  MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                  SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                  SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                  SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):49528
                                                                                                                                  Entropy (8bit):6.662491747506177
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                  MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                  SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                  SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                  SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):85272
                                                                                                                                  Entropy (8bit):6.581027304618609
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:Va1z78QpNWk5qkCFM7Q4SPogYzR8WkiHH9IjCVz7SyqxJ:Va1zg5kWFqQ4Xz+Wkq9IjCVze
                                                                                                                                  MD5:223FD6748CAE86E8C2D5618085C768AC
                                                                                                                                  SHA1:DCB589F2265728FE97156814CBE6FF3303CD05D3
                                                                                                                                  SHA-256:F81DC49EAC5ECC528E628175ADD2FF6BDA695A93EA76671D7187155AA6326ABB
                                                                                                                                  SHA-512:9C22C178417B82E68F71E5B7FE7C0C0A77184EE12BD0DC049373EACE7FA66C89458164D124A9167AE760FF9D384B78CA91001E5C151A51AD80C824066B8ECCE6
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):125208
                                                                                                                                  Entropy (8bit):6.122025398643493
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:pmHf1MbO+o9/RZYMf/E2ZzKIyPFzqprhIjLPs6U:0uO+4/nLf/ET9qprGU
                                                                                                                                  MD5:BBD5533FC875A4A075097A7C6ABA865E
                                                                                                                                  SHA1:AB91E62C6D02D211A1C0683CB6C5B0BDD17CBF00
                                                                                                                                  SHA-256:BE9828A877E412B48D75ADDC4553D2D2A60AE762A3551F9731B50CAE7D65B570
                                                                                                                                  SHA-512:23EF351941F459DEE7ED2CEBBAE21969E97B61C0D877CFE15E401C36369D2A2491CA886BE789B1A0C5066D6A8835FD06DB28B5B28FB6E9DF84C2D0B0D8E9850E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):251672
                                                                                                                                  Entropy (8bit):6.565757128183933
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:1pR/rTVB5s99Rvft6yrsIzepnbux9qWM53pLW1Ad+ppp39PPPF8Sstvt:djLyvftDFzZUTK8SUvt
                                                                                                                                  MD5:3055EDF761508190B576E9BF904003AA
                                                                                                                                  SHA1:F0DC8D882B5CD7955CC6DFC8F9834F70A83C7890
                                                                                                                                  SHA-256:E4104E47399D3F635A14D649F61250E9FD37F7E65C81FFE11F099923F8532577
                                                                                                                                  SHA-512:87538FE20BD2C1150A8FEFD0478FFD32E2A9C59D22290464BF5DFB917F6AC7EC874F8B1C70D643A4DC3DD32CBE17E7EA40C0BE3EA9DD07039D94AB316F752248
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65816
                                                                                                                                  Entropy (8bit):6.241463396742061
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:6PSs3+S7z1FBV8HEmFRqeVIjOIf7Sy0xs:7szBVWEm/fVIjOIft
                                                                                                                                  MD5:EEDB6D834D96A3DFFFFB1F65B5F7E5BE
                                                                                                                                  SHA1:ED6735CFDD0D1EC21C7568A9923EB377E54B308D
                                                                                                                                  SHA-256:79C4CDE23397B9A35B54A3C2298B3C7A844454F4387CB0693F15E4FACD227DD2
                                                                                                                                  SHA-512:527BD7BB2F4031416762595F4CE24CBC6254A50EAF2CC160B930950C4F2B3F5E245A486972148C535F8CD80C78EC6FA8C9A062085D60DB8F23D4B21E8AE4C0AD
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):160024
                                                                                                                                  Entropy (8bit):6.841300813767097
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:EwpwQ7a8+OsGqtCXJznfF9mNo+pxAbm19IjZ1Tv:EwpV7a8FdNYO+pmC1i
                                                                                                                                  MD5:05E8B2C429AFF98B3AE6ADC842FB56A3
                                                                                                                                  SHA1:834DDBCED68DB4FE17C283AB63B2FAA2E4163824
                                                                                                                                  SHA-256:A6E2A5BB7A33AD9054F178786A031A46EA560FAEEF1FB96259331500AAE9154C
                                                                                                                                  SHA-512:BADEB99795B89BC7C1F0C36BECC7A0B2CE99ECFD6F6BB493BDA24B8E57E6712E23F4C509C96A28BC05200910BEDDC9F1536416BBC922331CAE698E813CBB50B3
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):83224
                                                                                                                                  Entropy (8bit):6.336512797446254
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:rGkFyhCF5VK8+1j50VnWZyJwe9/s+S+pzj18/n1IsJw4YhIjLwYX7Sy4xU:rsYn1qFyJwe9/sT+pzjU1IwwDhIjLwaT
                                                                                                                                  MD5:DC06F8D5508BE059EAE9E29D5BA7E9EC
                                                                                                                                  SHA1:D666C88979075D3B0C6FD3BE7C595E83E0CB4E82
                                                                                                                                  SHA-256:7DAFF6AA3851A913ED97995702A5DFB8A27CB7CF00FB496597BE777228D7564A
                                                                                                                                  SHA-512:57EB36BC1E9BE20C85C34B0A535B2349CB13405D60E752016E23603C4648939F1150E4DBEBC01EC7B43EB1A6947C182CCB8A806E7E72167AD2E9D98D1FD94AB3
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):36632
                                                                                                                                  Entropy (8bit):6.3757770375418374
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:1q4nnHFAX6wpFWN5k509IjCi85YiSyv9AMxkEga+:1hnlmTpFWN5k509IjCiG7SyNxEa+
                                                                                                                                  MD5:7EC3FC12C75268972078B1C50C133E9B
                                                                                                                                  SHA1:73F9CF237FE773178A997AD8EC6CD3AC0757C71E
                                                                                                                                  SHA-256:1A105311A5ED88A31472B141B4B6DAA388A1CD359FE705D9A7A4ABA793C5749F
                                                                                                                                  SHA-512:441F18E8CE07498BC65575E1AE86C1636E1CEB126AF937E2547710131376BE7B4CB0792403409A81B5C6D897B239F26EC9F36388069E324249778A052746795E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1333651
                                                                                                                                  Entropy (8bit):5.586849198494729
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:uttcY+bS4OmE1jc+fYNXPh26UZWAzDX7jOIqL3CjtgopCdmoPJHz1dTfsFvaYcII:uttcY+NHSPD/e2mqCdmoPtzDIaYcII
                                                                                                                                  MD5:0361D8ACA6E5625AC88A0FE9E8651762
                                                                                                                                  SHA1:0A4502864421E98A7FBB8A7BEB85EA1BD4E9687A
                                                                                                                                  SHA-256:C53613D4CD1F5BF5C532EA5154E5DA20748C7BBCE4AF9FCE0284075EF0261B0E
                                                                                                                                  SHA-512:0CF82FE095ED2EB38D463659C3198903F9B7C53DC368E5E68A6BF1A5A28335406AF69B5214FBA2307412BC7DBA880DE302431E7048D69C904AE63DB93EE12CFE
                                                                                                                                  Malicious:false
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):5191960
                                                                                                                                  Entropy (8bit):5.962142634441191
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                  MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                  SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                  SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                  SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):39696
                                                                                                                                  Entropy (8bit):6.641880464695502
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                  MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                  SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                  SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                  SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):6928664
                                                                                                                                  Entropy (8bit):5.765764546579782
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:49152:77dFcaC296MwQx0AWOO5JqSEShouly4XUV/x3aOvi5lnX79DxW/En8tdFNPhD2SI:7Z+aCnAh8lRA4jvE0ivHHDMiEBaw
                                                                                                                                  MD5:3C388CE47C0D9117D2A50B3FA5AC981D
                                                                                                                                  SHA1:038484FF7460D03D1D36C23F0DE4874CBAEA2C48
                                                                                                                                  SHA-256:C98BA3354A7D1F69BDCA42560FEEC933CCBA93AFCC707391049A065E1079CDDB
                                                                                                                                  SHA-512:E529C5C1C028BE01E44A156CD0E7CAD0A24B5F91E5D34697FAFC395B63E37780DC0FAC8F4C5D075AD8FE4BD15D62A250B818FF3D4EAD1E281530A4C7E3CE6D35
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):30488
                                                                                                                                  Entropy (8bit):6.576230704358061
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:vNnMgHqxp1GPn5hIjQGl5YiSyv38aAMxkE7:vNnMgKxp1U5hIjQGr7Sy/8Yxn
                                                                                                                                  MD5:92B440CA45447EC33E884752E4C65B07
                                                                                                                                  SHA1:5477E21BB511CC33C988140521A4F8C11A427BCC
                                                                                                                                  SHA-256:680DF34FB908C49410AC5F68A8C05D92858ACD111E62D1194D15BDCE520BD6C3
                                                                                                                                  SHA-512:40E60E1D1445592C5E8EB352A4052DB28B1739A29E16B884B0BA15917B058E66196988214CE473BA158704837B101A13195D5E48CB1DC2F07262DFECFE8D8191
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Process:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1137944
                                                                                                                                  Entropy (8bit):5.462087550450309
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:/rEHdcM6hb4CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciQn:/rEXtCjfk7bPNfv42BN6yzUiQn
                                                                                                                                  MD5:16BE9A6F941F1A2CB6B5FCA766309B2C
                                                                                                                                  SHA1:17B23AE0E6A11D5B8159C748073E36A936F3316A
                                                                                                                                  SHA-256:10FFD5207EEFF5A836B330B237D766365D746C30E01ABF0FD01F78548D1F1B04
                                                                                                                                  SHA-512:64B7ECC58AE7CF128F03A0D5D5428AAA0D4AD4AE7E7D19BE0EA819BBBF99503836BFE4946DF8EE3AB8A92331FDD002AB9A9DE5146AF3E86FEF789CE46810796B
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  File type:
                                                                                                                                  Entropy (8bit):7.99327050300608
                                                                                                                                  TrID:
                                                                                                                                  • Win64 Executable Console (202006/5) 77.37%
                                                                                                                                  • InstallShield setup (43055/19) 16.49%
                                                                                                                                  • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                  • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                  File name:7zip.exe
                                                                                                                                  File size:8'777'256 bytes
                                                                                                                                  MD5:b47280043c7baa8a5defa1b1f40ceac6
                                                                                                                                  SHA1:8357dcd88c30fc27c8d495d411f043b4b39ca091
                                                                                                                                  SHA256:1719052a18c211d86e49577812373375a2e2c21e6d8bfefe008b8451acbec182
                                                                                                                                  SHA512:c894a713ee5c6bfca64eaa61690bd3b1a1a78c8fc56e99385c7ba5091d891152f66954950bf638c84084f2ddfd96c52eaa8a941e2b59c5c9d26c8c135d69e1e1
                                                                                                                                  SSDEEP:196608:4um59Yi0PcA1HeT39IigleE9TFa0Z8DOjCdylxkQysglO:O9YiKl1+TtIiHY9Z8D8Cclxn0O
                                                                                                                                  TLSH:2396331862E10AE9F9B72179C6A7C951E7F27C160370CB4F23F816251F272F54A3AB52
                                                                                                                                  Icon Hash:ba828babababa2d8
                                                                                                                                  No network behavior found

                                                                                                                                  Target ID:0
                                                                                                                                  Start time:01:45:37
                                                                                                                                  Start date:23/12/2024
                                                                                                                                  Path:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\Desktop\7zip.exe"
                                                                                                                                  Imagebase:0x7ff6b7960000
                                                                                                                                  File size:8'777'256 bytes
                                                                                                                                  MD5 hash:B47280043C7BAA8A5DEFA1B1F40CEAC6
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:1
                                                                                                                                  Start time:01:45:37
                                                                                                                                  Start date:23/12/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:3
                                                                                                                                  Start time:01:45:39
                                                                                                                                  Start date:23/12/2024
                                                                                                                                  Path:C:\Users\user\Desktop\7zip.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\Desktop\7zip.exe"
                                                                                                                                  Imagebase:0x7ff6b7960000
                                                                                                                                  File size:8'777'256 bytes
                                                                                                                                  MD5 hash:B47280043C7BAA8A5DEFA1B1F40CEAC6
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:10%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:16.1%
                                                                                                                                    Total number of Nodes:2000
                                                                                                                                    Total number of Limit Nodes:68
7ff6b7976540 20540->20543 20541 7ff6b797656e 20541->20538 20542 7ff6b7980b10 _fread_nolock MultiByteToWideChar 20541->20542 20547 7ff6b79765b2 20542->20547 20548 7ff6b7975e48 _get_daylight 11 API calls 20543->20548 20544->20537 20544->20541 20545 7ff6b7976561 20544->20545 20549 7ff6b797b464 __free_lconv_mon 11 API calls 20544->20549 20546 7ff6b797e6c4 _fread_nolock 12 API calls 20545->20546 20546->20541 20547->20537 20547->20538 20548->20538 20549->20545 20551 7ff6b7989da1 __crtLCMapStringW 20550->20551 20552 7ff6b79801d4 6 API calls 20551->20552 20553 7ff6b798835e 20551->20553 20552->20553 20553->20238 20553->20239 21164 7ff6b798be53 21165 7ff6b798be63 21164->21165 21168 7ff6b79762e8 LeaveCriticalSection 21165->21168 20781 7ff6b79826d0 20799 7ff6b7981548 EnterCriticalSection 20781->20799 20800 7ff6b797bed0 20801 7ff6b797bed5 20800->20801 20802 7ff6b797beea 20800->20802 20806 7ff6b797bef0 20801->20806 20807 7ff6b797bf32 20806->20807 20808 7ff6b797bf3a 20806->20808 20810 7ff6b797b464 __free_lconv_mon 11 API calls 20807->20810 20809 7ff6b797b464 __free_lconv_mon 11 API calls 20808->20809 20811 7ff6b797bf47 20809->20811 20810->20808 20812 7ff6b797b464 __free_lconv_mon 11 API calls 20811->20812 20813 7ff6b797bf54 20812->20813 20814 7ff6b797b464 __free_lconv_mon 11 API calls 20813->20814 20815 7ff6b797bf61 20814->20815 20816 7ff6b797b464 __free_lconv_mon 11 API calls 20815->20816 20817 7ff6b797bf6e 20816->20817 20818 7ff6b797b464 __free_lconv_mon 11 API calls 20817->20818 20819 7ff6b797bf7b 20818->20819 20820 7ff6b797b464 __free_lconv_mon 11 API calls 20819->20820 20821 7ff6b797bf88 20820->20821 20822 7ff6b797b464 __free_lconv_mon 11 API calls 20821->20822 20823 7ff6b797bf95 20822->20823 20824 7ff6b797b464 __free_lconv_mon 11 API calls 20823->20824 20825 7ff6b797bfa5 20824->20825 20826 7ff6b797b464 __free_lconv_mon 11 API calls 20825->20826 20827 7ff6b797bfb5 20826->20827 20832 7ff6b797bd9c 20827->20832 20846 7ff6b7981548 EnterCriticalSection 20832->20846 20848 
7ff6b797acd0 20851 7ff6b797ac48 20848->20851 20858 7ff6b7981548 EnterCriticalSection 20851->20858 19936 7ff6b797a899 19937 7ff6b797b358 45 API calls 19936->19937 19938 7ff6b797a89e 19937->19938 19939 7ff6b797a8c5 GetModuleHandleW 19938->19939 19940 7ff6b797a90f 19938->19940 19939->19940 19945 7ff6b797a8d2 19939->19945 19948 7ff6b797a79c 19940->19948 19945->19940 19962 7ff6b797a9c0 GetModuleHandleExW 19945->19962 19968 7ff6b7981548 EnterCriticalSection 19948->19968 19963 7ff6b797aa1d 19962->19963 19964 7ff6b797a9f4 GetProcAddress 19962->19964 19966 7ff6b797aa29 19963->19966 19967 7ff6b797aa22 FreeLibrary 19963->19967 19965 7ff6b797aa06 19964->19965 19965->19963 19966->19940 19967->19966 20667 7ff6b796b0a0 20668 7ff6b796b0ce 20667->20668 20669 7ff6b796b0b5 20667->20669 20669->20668 20671 7ff6b797e6c4 12 API calls 20669->20671 20670 7ff6b796b12e 20671->20670 20870 7ff6b7982920 20881 7ff6b7988654 20870->20881 20882 7ff6b7988661 20881->20882 20883 7ff6b797b464 __free_lconv_mon 11 API calls 20882->20883 20884 7ff6b798867d 20882->20884 20883->20882 20885 7ff6b797b464 __free_lconv_mon 11 API calls 20884->20885 20886 7ff6b7982929 20884->20886 20885->20884 20887 7ff6b7981548 EnterCriticalSection 20886->20887 16916 7ff6b796c1fc 16937 7ff6b796c3dc 16916->16937 16919 7ff6b796c21d __scrt_acquire_startup_lock 16922 7ff6b796c35d 16919->16922 16927 7ff6b796c23b __scrt_release_startup_lock 16919->16927 16920 7ff6b796c353 17104 7ff6b796c6fc IsProcessorFeaturePresent 16920->17104 16923 7ff6b796c6fc 7 API calls 16922->16923 16925 7ff6b796c368 _CallSETranslator 16923->16925 16924 7ff6b796c260 16926 7ff6b796c2e6 16945 7ff6b797a6b8 16926->16945 16927->16924 16927->16926 17093 7ff6b797aa64 16927->17093 16930 7ff6b796c2eb 16951 7ff6b7961000 16930->16951 16934 7ff6b796c30f 16934->16925 17100 7ff6b796c560 16934->17100 16938 7ff6b796c3e4 16937->16938 16939 7ff6b796c3f0 __scrt_dllmain_crt_thread_attach 16938->16939 16940 7ff6b796c3fd 16939->16940 16941 7ff6b796c215 16939->16941 17111 
7ff6b797b30c 16940->17111 16941->16919 16941->16920 16946 7ff6b797a6c8 16945->16946 16950 7ff6b797a6dd 16945->16950 16946->16950 17154 7ff6b797a148 16946->17154 16950->16930 16952 7ff6b7962b80 16951->16952 17353 7ff6b79763c0 16952->17353 16954 7ff6b7962bbc 17360 7ff6b7962a70 16954->17360 16958 7ff6b796bb10 _log10_special 8 API calls 16960 7ff6b79630ec 16958->16960 17098 7ff6b796c84c GetModuleHandleW 16960->17098 16961 7ff6b7962cdb 17536 7ff6b79639d0 16961->17536 16962 7ff6b7962bfd 17527 7ff6b7961c60 16962->17527 16965 7ff6b7962c1c 17432 7ff6b7967e70 16965->17432 16968 7ff6b7962d2a 17559 7ff6b7961e50 16968->17559 16970 7ff6b7962c4f 16978 7ff6b7962c7b __vcrt_freefls 16970->16978 17531 7ff6b7967fe0 16970->17531 16972 7ff6b7962d1d 16973 7ff6b7962d22 16972->16973 16974 7ff6b7962d45 16972->16974 17555 7ff6b796f5a4 16973->17555 16976 7ff6b7961c60 49 API calls 16974->16976 16979 7ff6b7962d64 16976->16979 16980 7ff6b7967e70 14 API calls 16978->16980 16987 7ff6b7962c9e __vcrt_freefls 16978->16987 16984 7ff6b7961930 115 API calls 16979->16984 16980->16987 16981 7ff6b7967f80 40 API calls 16982 7ff6b7962dcc 16981->16982 16983 7ff6b7967fe0 40 API calls 16982->16983 16985 7ff6b7962dd8 16983->16985 16986 7ff6b7962d8e 16984->16986 16988 7ff6b7967fe0 40 API calls 16985->16988 16986->16965 16989 7ff6b7962d9e 16986->16989 16987->16981 16993 7ff6b7962cce __vcrt_freefls 16987->16993 16990 7ff6b7962de4 16988->16990 16991 7ff6b7961e50 81 API calls 16989->16991 16992 7ff6b7967fe0 40 API calls 16990->16992 17084 7ff6b7962bc9 __vcrt_freefls 16991->17084 16992->16993 16994 7ff6b7967e70 14 API calls 16993->16994 16995 7ff6b7962e04 16994->16995 16996 7ff6b7962ef9 16995->16996 16997 7ff6b7962e29 __vcrt_freefls 16995->16997 16998 7ff6b7961e50 81 API calls 16996->16998 17011 7ff6b7962e6c 16997->17011 17445 7ff6b7967f80 16997->17445 16998->17084 17000 7ff6b796303a 17004 7ff6b7967e70 14 API calls 17000->17004 17001 7ff6b7963033 17570 7ff6b79685b0 17001->17570 17005 7ff6b796304f __vcrt_freefls 
17004->17005 17006 7ff6b796308a 17005->17006 17007 7ff6b7963187 17005->17007 17008 7ff6b796311a 17006->17008 17009 7ff6b7963094 17006->17009 17577 7ff6b79638f0 17007->17577 17013 7ff6b7967e70 14 API calls 17008->17013 17452 7ff6b79685c0 17009->17452 17011->17000 17011->17001 17016 7ff6b7963126 17013->17016 17014 7ff6b7963195 17017 7ff6b79631ab 17014->17017 17018 7ff6b79631b7 17014->17018 17020 7ff6b79630a5 17016->17020 17023 7ff6b7963133 17016->17023 17580 7ff6b7963a40 17017->17580 17019 7ff6b7961c60 49 API calls 17018->17019 17031 7ff6b796310e __vcrt_freefls 17019->17031 17026 7ff6b7961e50 81 API calls 17020->17026 17027 7ff6b7961c60 49 API calls 17023->17027 17024 7ff6b796320a 17502 7ff6b7968950 17024->17502 17026->17084 17029 7ff6b7963151 17027->17029 17030 7ff6b7963158 17029->17030 17029->17031 17034 7ff6b7961e50 81 API calls 17030->17034 17031->17024 17032 7ff6b79631ed SetDllDirectoryW LoadLibraryExW 17031->17032 17032->17024 17033 7ff6b796321d SetDllDirectoryW 17036 7ff6b7963250 17033->17036 17080 7ff6b79632a1 17033->17080 17034->17084 17038 7ff6b7967e70 14 API calls 17036->17038 17037 7ff6b7963433 17040 7ff6b796343e 17037->17040 17046 7ff6b7963445 17037->17046 17045 7ff6b796325c __vcrt_freefls 17038->17045 17039 7ff6b7963362 17507 7ff6b7962780 17039->17507 17042 7ff6b79685b0 5 API calls 17040->17042 17044 7ff6b7963443 17042->17044 17044->17046 17047 7ff6b7963339 17045->17047 17051 7ff6b7963295 17045->17051 17657 7ff6b7962720 17046->17657 17050 7ff6b7967f80 40 API calls 17047->17050 17050->17080 17051->17080 17583 7ff6b7966200 17051->17583 17080->17037 17080->17039 17084->16958 17094 7ff6b797aa9c 17093->17094 17095 7ff6b797aa7b 17093->17095 19833 7ff6b797b358 17094->19833 17095->16926 17099 7ff6b796c85d 17098->17099 17099->16934 17101 7ff6b796c571 17100->17101 17102 7ff6b796c326 17101->17102 17103 7ff6b796ce18 7 API calls 17101->17103 17102->16924 17103->17102 17105 7ff6b796c722 memcpy_s _CallSETranslator 17104->17105 17106 7ff6b796c741 RtlCaptureContext 
RtlLookupFunctionEntry 17105->17106 17107 7ff6b796c76a RtlVirtualUnwind 17106->17107 17108 7ff6b796c7a6 memcpy_s 17106->17108 17107->17108 17109 7ff6b796c7d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17108->17109 17110 7ff6b796c826 _CallSETranslator 17109->17110 17110->16922 17112 7ff6b798471c 17111->17112 17113 7ff6b796c402 17112->17113 17121 7ff6b797d420 17112->17121 17113->16941 17115 7ff6b796ce18 17113->17115 17116 7ff6b796ce2a 17115->17116 17117 7ff6b796ce20 17115->17117 17116->16941 17133 7ff6b796d1b4 17117->17133 17132 7ff6b7981548 EnterCriticalSection 17121->17132 17134 7ff6b796d1c3 17133->17134 17135 7ff6b796ce25 17133->17135 17141 7ff6b796d3f0 17134->17141 17137 7ff6b796d220 17135->17137 17138 7ff6b796d24b 17137->17138 17139 7ff6b796d22e DeleteCriticalSection 17138->17139 17140 7ff6b796d24f 17138->17140 17139->17138 17140->17116 17145 7ff6b796d258 17141->17145 17151 7ff6b796d342 TlsFree 17145->17151 17152 7ff6b796d29c __vcrt_InitializeCriticalSectionEx 17145->17152 17146 7ff6b796d2ca LoadLibraryExW 17148 7ff6b796d2eb GetLastError 17146->17148 17149 7ff6b796d369 17146->17149 17147 7ff6b796d389 GetProcAddress 17147->17151 17148->17152 17149->17147 17150 7ff6b796d380 FreeLibrary 17149->17150 17150->17147 17152->17146 17152->17147 17152->17151 17153 7ff6b796d30d LoadLibraryExW 17152->17153 17153->17149 17153->17152 17155 7ff6b797a161 17154->17155 17162 7ff6b797a15d 17154->17162 17175 7ff6b7983cac GetEnvironmentStringsW 17155->17175 17158 7ff6b797a17a 17188 7ff6b797a2c8 17158->17188 17159 7ff6b797a16e 17182 7ff6b797b464 17159->17182 17162->16950 17167 7ff6b797a508 17162->17167 17164 7ff6b797b464 __free_lconv_mon 11 API calls 17165 7ff6b797a1a1 17164->17165 17166 7ff6b797b464 __free_lconv_mon 11 API calls 17165->17166 17166->17162 17168 7ff6b797a52b 17167->17168 17171 7ff6b797a542 17167->17171 17168->16950 17169 7ff6b7980b10 MultiByteToWideChar _fread_nolock 17169->17171 17170 7ff6b797fe04 _get_daylight 11 API calls 17170->17171 
17171->17168 17171->17169 17171->17170 17172 7ff6b797a5b6 17171->17172 17174 7ff6b797b464 __free_lconv_mon 11 API calls 17171->17174 17173 7ff6b797b464 __free_lconv_mon 11 API calls 17172->17173 17173->17168 17174->17171 17176 7ff6b797a166 17175->17176 17177 7ff6b7983cd0 17175->17177 17176->17158 17176->17159 17177->17177 17207 7ff6b797e6c4 17177->17207 17179 7ff6b7983d07 memcpy_s 17180 7ff6b797b464 __free_lconv_mon 11 API calls 17179->17180 17181 7ff6b7983d27 FreeEnvironmentStringsW 17180->17181 17181->17176 17183 7ff6b797b469 RtlFreeHeap 17182->17183 17184 7ff6b797b498 17182->17184 17183->17184 17185 7ff6b797b484 GetLastError 17183->17185 17184->17162 17186 7ff6b797b491 __free_lconv_mon 17185->17186 17187 7ff6b7975e48 _get_daylight 9 API calls 17186->17187 17187->17184 17189 7ff6b797a2f0 17188->17189 17190 7ff6b797fe04 _get_daylight 11 API calls 17189->17190 17201 7ff6b797a32b 17190->17201 17191 7ff6b797a333 17192 7ff6b797b464 __free_lconv_mon 11 API calls 17191->17192 17193 7ff6b797a182 17192->17193 17193->17164 17194 7ff6b797a3ad 17195 7ff6b797b464 __free_lconv_mon 11 API calls 17194->17195 17195->17193 17196 7ff6b797fe04 _get_daylight 11 API calls 17196->17201 17197 7ff6b797a39c 17278 7ff6b797a3e4 17197->17278 17201->17191 17201->17194 17201->17196 17201->17197 17202 7ff6b797a3d0 17201->17202 17204 7ff6b797b464 __free_lconv_mon 11 API calls 17201->17204 17269 7ff6b79816e4 17201->17269 17284 7ff6b797b844 IsProcessorFeaturePresent 17202->17284 17203 7ff6b797b464 __free_lconv_mon 11 API calls 17203->17191 17204->17201 17208 7ff6b797e6d3 _get_daylight 17207->17208 17209 7ff6b797e70f 17207->17209 17208->17209 17211 7ff6b797e6f6 HeapAlloc 17208->17211 17214 7ff6b7984800 17208->17214 17217 7ff6b7975e48 17209->17217 17211->17208 17212 7ff6b797e70d 17211->17212 17212->17179 17220 7ff6b7984840 17214->17220 17226 7ff6b797c1c8 GetLastError 17217->17226 17219 7ff6b7975e51 17219->17212 17225 7ff6b7981548 EnterCriticalSection 17220->17225 17227 7ff6b797c1ec 17226->17227 
17228 7ff6b797c209 FlsSetValue 17226->17228 17227->17228 17240 7ff6b797c1f9 SetLastError 17227->17240 17229 7ff6b797c21b 17228->17229 17228->17240 17243 7ff6b797fe04 17229->17243 17233 7ff6b797c248 FlsSetValue 17235 7ff6b797c266 17233->17235 17236 7ff6b797c254 FlsSetValue 17233->17236 17234 7ff6b797c238 FlsSetValue 17237 7ff6b797c241 17234->17237 17250 7ff6b797bdfc 17235->17250 17236->17237 17239 7ff6b797b464 __free_lconv_mon 5 API calls 17237->17239 17239->17240 17240->17219 17248 7ff6b797fe15 _get_daylight 17243->17248 17244 7ff6b797fe66 17247 7ff6b7975e48 _get_daylight 10 API calls 17244->17247 17245 7ff6b797fe4a HeapAlloc 17246 7ff6b797c22a 17245->17246 17245->17248 17246->17233 17246->17234 17247->17246 17248->17244 17248->17245 17249 7ff6b7984800 _get_daylight 2 API calls 17248->17249 17249->17248 17255 7ff6b797bcd4 17250->17255 17267 7ff6b7981548 EnterCriticalSection 17255->17267 17270 7ff6b79816f1 17269->17270 17271 7ff6b79816fb 17269->17271 17270->17271 17275 7ff6b7981717 17270->17275 17272 7ff6b7975e48 _get_daylight 11 API calls 17271->17272 17277 7ff6b7981703 17272->17277 17274 7ff6b798170f 17274->17201 17275->17274 17276 7ff6b7975e48 _get_daylight 11 API calls 17275->17276 17276->17277 17288 7ff6b797b824 17277->17288 17280 7ff6b797a3e9 17278->17280 17283 7ff6b797a3a4 17278->17283 17279 7ff6b797a412 17281 7ff6b797b464 __free_lconv_mon 11 API calls 17279->17281 17280->17279 17282 7ff6b797b464 __free_lconv_mon 11 API calls 17280->17282 17281->17283 17282->17280 17283->17203 17285 7ff6b797b857 17284->17285 17331 7ff6b797b558 17285->17331 17291 7ff6b797b6bc 17288->17291 17290 7ff6b797b83d 17290->17274 17292 7ff6b797b6e7 17291->17292 17295 7ff6b797b758 17292->17295 17294 7ff6b797b70e 17294->17290 17305 7ff6b797b4a0 17295->17305 17298 7ff6b797b793 17298->17294 17301 7ff6b797b844 _isindst 17 API calls 17302 7ff6b797b823 17301->17302 17303 7ff6b797b6bc _invalid_parameter_noinfo 37 API calls 17302->17303 17304 7ff6b797b83d 17303->17304 17304->17294 17306 
7ff6b797b4bc GetLastError 17305->17306 17307 7ff6b797b4f7 17305->17307 17308 7ff6b797b4cc 17306->17308 17307->17298 17311 7ff6b797b50c 17307->17311 17314 7ff6b797c290 17308->17314 17312 7ff6b797b528 GetLastError SetLastError 17311->17312 17313 7ff6b797b540 17311->17313 17312->17313 17313->17298 17313->17301 17315 7ff6b797c2ca FlsSetValue 17314->17315 17316 7ff6b797c2af FlsGetValue 17314->17316 17317 7ff6b797c2d7 17315->17317 17320 7ff6b797b4e7 SetLastError 17315->17320 17318 7ff6b797c2c4 17316->17318 17316->17320 17319 7ff6b797fe04 _get_daylight 11 API calls 17317->17319 17318->17315 17321 7ff6b797c2e6 17319->17321 17320->17307 17322 7ff6b797c304 FlsSetValue 17321->17322 17323 7ff6b797c2f4 FlsSetValue 17321->17323 17325 7ff6b797c322 17322->17325 17326 7ff6b797c310 FlsSetValue 17322->17326 17324 7ff6b797c2fd 17323->17324 17327 7ff6b797b464 __free_lconv_mon 11 API calls 17324->17327 17328 7ff6b797bdfc _get_daylight 11 API calls 17325->17328 17326->17324 17327->17320 17329 7ff6b797c32a 17328->17329 17330 7ff6b797b464 __free_lconv_mon 11 API calls 17329->17330 17330->17320 17332 7ff6b797b592 memcpy_s _CallSETranslator 17331->17332 17333 7ff6b797b5ba RtlCaptureContext RtlLookupFunctionEntry 17332->17333 17334 7ff6b797b62a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17333->17334 17335 7ff6b797b5f4 RtlVirtualUnwind 17333->17335 17337 7ff6b797b67c _CallSETranslator 17334->17337 17335->17334 17339 7ff6b796bb10 17337->17339 17340 7ff6b796bb19 17339->17340 17341 7ff6b796bb24 GetCurrentProcess TerminateProcess 17340->17341 17342 7ff6b796bea0 IsProcessorFeaturePresent 17340->17342 17343 7ff6b796beb8 17342->17343 17348 7ff6b796c098 RtlCaptureContext 17343->17348 17349 7ff6b796c0b2 RtlLookupFunctionEntry 17348->17349 17350 7ff6b796c0c8 RtlVirtualUnwind 17349->17350 17351 7ff6b796becb 17349->17351 17350->17349 17350->17351 17352 7ff6b796be60 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17351->17352 17354 
7ff6b79806f0 17353->17354 17356 7ff6b7980796 17354->17356 17357 7ff6b7980743 17354->17357 17355 7ff6b797b758 _invalid_parameter_noinfo 37 API calls 17359 7ff6b798076c 17355->17359 17670 7ff6b79805c8 17356->17670 17357->17355 17359->16954 17678 7ff6b796be10 17360->17678 17363 7ff6b7962aab GetLastError 17685 7ff6b7962310 17363->17685 17364 7ff6b7962ad0 17680 7ff6b7968840 FindFirstFileExW 17364->17680 17367 7ff6b7962ac6 17372 7ff6b796bb10 _log10_special 8 API calls 17367->17372 17369 7ff6b7962b3d 17715 7ff6b7968a00 17369->17715 17370 7ff6b7962ae3 17702 7ff6b79688c0 CreateFileW 17370->17702 17375 7ff6b7962b75 17372->17375 17374 7ff6b7962b4b 17374->17367 17379 7ff6b7961f30 78 API calls 17374->17379 17375->17084 17382 7ff6b7961930 17375->17382 17377 7ff6b7962b0c __vcrt_InitializeCriticalSectionEx 17377->17369 17378 7ff6b7962af4 17705 7ff6b7961f30 17378->17705 17379->17367 17383 7ff6b79639d0 108 API calls 17382->17383 17384 7ff6b7961965 17383->17384 17385 7ff6b7961c23 17384->17385 17387 7ff6b79673d0 83 API calls 17384->17387 17386 7ff6b796bb10 _log10_special 8 API calls 17385->17386 17388 7ff6b7961c3e 17386->17388 17389 7ff6b79619ab 17387->17389 17388->16961 17388->16962 17431 7ff6b79619e3 17389->17431 18129 7ff6b796fc2c 17389->18129 17391 7ff6b796f5a4 74 API calls 17391->17385 17392 7ff6b79619c5 17393 7ff6b79619c9 17392->17393 17394 7ff6b79619e8 17392->17394 17396 7ff6b7975e48 _get_daylight 11 API calls 17393->17396 18133 7ff6b796f8f4 17394->18133 17398 7ff6b79619ce 17396->17398 18136 7ff6b7962020 17398->18136 17400 7ff6b7961a06 17402 7ff6b7975e48 _get_daylight 11 API calls 17400->17402 17401 7ff6b7961a25 17405 7ff6b7961a5b 17401->17405 17406 7ff6b7961a3c 17401->17406 17403 7ff6b7961a0b 17402->17403 17404 7ff6b7962020 87 API calls 17403->17404 17404->17431 17407 7ff6b7961c60 49 API calls 17405->17407 17408 7ff6b7975e48 _get_daylight 11 API calls 17406->17408 17409 7ff6b7961a72 17407->17409 17410 7ff6b7961a41 17408->17410 17412 7ff6b7961c60 49 API calls 17409->17412 17411 
7ff6b7962020 87 API calls 17410->17411 17411->17431 17413 7ff6b7961abd 17412->17413 17414 7ff6b796fc2c 73 API calls 17413->17414 17415 7ff6b7961ae1 17414->17415 17416 7ff6b7961af6 17415->17416 17417 7ff6b7961b15 17415->17417 17419 7ff6b7975e48 _get_daylight 11 API calls 17416->17419 17418 7ff6b796f8f4 _fread_nolock 53 API calls 17417->17418 17420 7ff6b7961b2a 17418->17420 17421 7ff6b7961afb 17419->17421 17422 7ff6b7961b4f 17420->17422 17423 7ff6b7961b30 17420->17423 17424 7ff6b7962020 87 API calls 17421->17424 18151 7ff6b796f668 17422->18151 17425 7ff6b7975e48 _get_daylight 11 API calls 17423->17425 17424->17431 17427 7ff6b7961b35 17425->17427 17429 7ff6b7962020 87 API calls 17427->17429 17429->17431 17430 7ff6b7961e50 81 API calls 17430->17431 17431->17391 17433 7ff6b7967e7a 17432->17433 17434 7ff6b7968950 2 API calls 17433->17434 17435 7ff6b7967e99 GetEnvironmentVariableW 17434->17435 17436 7ff6b7967eb6 ExpandEnvironmentStringsW 17435->17436 17437 7ff6b7967f02 17435->17437 17436->17437 17438 7ff6b7967ed8 17436->17438 17439 7ff6b796bb10 _log10_special 8 API calls 17437->17439 17440 7ff6b7968a00 2 API calls 17438->17440 17441 7ff6b7967f14 17439->17441 17442 7ff6b7967eea 17440->17442 17441->16970 17443 7ff6b796bb10 _log10_special 8 API calls 17442->17443 17444 7ff6b7967efa 17443->17444 17444->16970 17446 7ff6b7968950 2 API calls 17445->17446 17447 7ff6b7967f9c 17446->17447 17448 7ff6b7968950 2 API calls 17447->17448 17449 7ff6b7967fac 17448->17449 18415 7ff6b7979174 17449->18415 17451 7ff6b7967fba __vcrt_freefls 17451->17011 17453 7ff6b79685d5 17452->17453 18433 7ff6b7967bb0 GetCurrentProcess OpenProcessToken 17453->18433 17456 7ff6b7967bb0 7 API calls 17457 7ff6b7968601 17456->17457 17458 7ff6b796861a 17457->17458 17459 7ff6b7968634 17457->17459 17460 7ff6b7961d50 48 API calls 17458->17460 17461 7ff6b7961d50 48 API calls 17459->17461 17462 7ff6b7968632 17460->17462 17463 7ff6b7968647 LocalFree LocalFree 17461->17463 17462->17463 17464 7ff6b7968663 17463->17464 
17466 7ff6b796866f 17463->17466 18443 7ff6b7962220 17464->18443 17467 7ff6b796bb10 _log10_special 8 API calls 17466->17467 17468 7ff6b7963099 17467->17468 17468->17020 17469 7ff6b7967ca0 17468->17469 17470 7ff6b7967cb8 17469->17470 17471 7ff6b7967d3a GetTempPathW GetCurrentProcessId 17470->17471 17472 7ff6b7967cdc 17470->17472 18454 7ff6b7968760 17471->18454 17474 7ff6b7967e70 14 API calls 17472->17474 17475 7ff6b7967ce8 17474->17475 18461 7ff6b7967610 17475->18461 17482 7ff6b7967d68 __vcrt_freefls 17491 7ff6b7967da5 __vcrt_freefls 17482->17491 18458 7ff6b7979aa4 17482->18458 17503 7ff6b7968972 MultiByteToWideChar 17502->17503 17504 7ff6b7968996 17502->17504 17503->17504 17506 7ff6b79689ac __vcrt_freefls 17503->17506 17505 7ff6b79689b3 MultiByteToWideChar 17504->17505 17504->17506 17505->17506 17506->17033 17519 7ff6b796278e memcpy_s 17507->17519 17508 7ff6b796bb10 _log10_special 8 API calls 17509 7ff6b7962a24 17508->17509 17509->17084 17526 7ff6b7968590 LocalFree 17509->17526 17511 7ff6b7962987 17511->17508 17512 7ff6b7961c60 49 API calls 17512->17519 17513 7ff6b79629a2 17515 7ff6b7961e50 81 API calls 17513->17515 17515->17511 17518 7ff6b7962989 17521 7ff6b7961e50 81 API calls 17518->17521 17519->17511 17519->17512 17519->17513 17519->17518 17520 7ff6b7962140 81 API calls 17519->17520 17524 7ff6b7962990 17519->17524 18725 7ff6b7963970 17519->18725 18731 7ff6b7967260 17519->18731 18742 7ff6b79615e0 17519->18742 18790 7ff6b7966560 17519->18790 18794 7ff6b79635a0 17519->18794 18838 7ff6b7963860 17519->18838 17520->17519 17521->17511 17525 7ff6b7961e50 81 API calls 17524->17525 17525->17511 17528 7ff6b7961c85 17527->17528 17529 7ff6b79758c4 49 API calls 17528->17529 17530 7ff6b7961ca8 17529->17530 17530->16965 17532 7ff6b7968950 2 API calls 17531->17532 17533 7ff6b7967ff4 17532->17533 17534 7ff6b7979174 38 API calls 17533->17534 17535 7ff6b7968006 __vcrt_freefls 17534->17535 17535->16978 17537 7ff6b79639dc 17536->17537 17538 7ff6b7968950 2 API calls 17537->17538 17539 
7ff6b7963a04 17538->17539 17540 7ff6b7968950 2 API calls 17539->17540 17541 7ff6b7963a17 17540->17541 19021 7ff6b7976f54 17541->19021 17544 7ff6b796bb10 _log10_special 8 API calls 17545 7ff6b7962ceb 17544->17545 17545->16968 17546 7ff6b79673d0 17545->17546 17547 7ff6b79673f4 17546->17547 17548 7ff6b796fc2c 73 API calls 17547->17548 17553 7ff6b79674cb __vcrt_freefls 17547->17553 17549 7ff6b7967410 17548->17549 17549->17553 19412 7ff6b7978804 17549->19412 17551 7ff6b796fc2c 73 API calls 17554 7ff6b7967425 17551->17554 17552 7ff6b796f8f4 _fread_nolock 53 API calls 17552->17554 17553->16972 17554->17551 17554->17552 17554->17553 17556 7ff6b796f5d4 17555->17556 19427 7ff6b796f380 17556->19427 17558 7ff6b796f5ed 17558->16968 17560 7ff6b796be10 17559->17560 17561 7ff6b7961e74 GetCurrentProcessId 17560->17561 17562 7ff6b7961c60 49 API calls 17561->17562 17563 7ff6b7961ec5 17562->17563 17564 7ff6b79758c4 49 API calls 17563->17564 17565 7ff6b7961f02 17564->17565 17566 7ff6b7961cc0 80 API calls 17565->17566 17567 7ff6b7961f0c 17566->17567 17568 7ff6b796bb10 _log10_special 8 API calls 17567->17568 17569 7ff6b7961f1c 17568->17569 17569->17084 17571 7ff6b7968510 GetConsoleWindow 17570->17571 17572 7ff6b796852a GetCurrentProcessId GetWindowThreadProcessId 17571->17572 17573 7ff6b7963038 17571->17573 17572->17573 17574 7ff6b7968549 17572->17574 17573->17000 17574->17573 17575 7ff6b7968551 ShowWindow 17574->17575 17575->17573 17576 7ff6b7968560 Sleep 17575->17576 17576->17573 17576->17575 17578 7ff6b7961c60 49 API calls 17577->17578 17579 7ff6b796390d 17578->17579 17579->17014 17581 7ff6b7961c60 49 API calls 17580->17581 17582 7ff6b7963a70 17581->17582 17582->17031 17584 7ff6b7966215 17583->17584 17585 7ff6b7975e48 _get_daylight 11 API calls 17584->17585 17588 7ff6b79632b3 17584->17588 17586 7ff6b7966222 17585->17586 17587 7ff6b7962020 87 API calls 17586->17587 17587->17588 17589 7ff6b7966780 17588->17589 19438 7ff6b7961450 17589->19438 19544 7ff6b79657a0 17657->19544 17677 
7ff6b79762dc EnterCriticalSection 17670->17677 17679 7ff6b7962a7c GetModuleFileNameW 17678->17679 17679->17363 17679->17364 17681 7ff6b7968892 17680->17681 17682 7ff6b796887f FindClose 17680->17682 17683 7ff6b796bb10 _log10_special 8 API calls 17681->17683 17682->17681 17684 7ff6b7962ada 17683->17684 17684->17369 17684->17370 17686 7ff6b796be10 17685->17686 17687 7ff6b7962330 GetCurrentProcessId 17686->17687 17720 7ff6b7961d50 17687->17720 17689 7ff6b796237b 17724 7ff6b7975b18 17689->17724 17692 7ff6b7961d50 48 API calls 17693 7ff6b79623eb FormatMessageW 17692->17693 17695 7ff6b7962436 17693->17695 17696 7ff6b7962424 17693->17696 17742 7ff6b7961e00 17695->17742 17697 7ff6b7961d50 48 API calls 17696->17697 17697->17695 17700 7ff6b796bb10 _log10_special 8 API calls 17701 7ff6b7962464 17700->17701 17701->17367 17703 7ff6b7962af0 17702->17703 17704 7ff6b7968900 GetFinalPathNameByHandleW CloseHandle 17702->17704 17703->17377 17703->17378 17704->17703 17706 7ff6b7961f54 17705->17706 17707 7ff6b7961d50 48 API calls 17706->17707 17708 7ff6b7961fa5 17707->17708 17709 7ff6b7975b18 48 API calls 17708->17709 17710 7ff6b7961fe3 17709->17710 17711 7ff6b7961e00 78 API calls 17710->17711 17712 7ff6b7962001 17711->17712 17713 7ff6b796bb10 _log10_special 8 API calls 17712->17713 17714 7ff6b7962011 17713->17714 17714->17367 17716 7ff6b7968a2a WideCharToMultiByte 17715->17716 17717 7ff6b7968a55 17715->17717 17716->17717 17719 7ff6b7968a6b __vcrt_freefls 17716->17719 17718 7ff6b7968a72 WideCharToMultiByte 17717->17718 17717->17719 17718->17719 17719->17374 17721 7ff6b7961d75 17720->17721 17722 7ff6b7975b18 48 API calls 17721->17722 17723 7ff6b7961d98 17722->17723 17723->17689 17727 7ff6b7975b72 17724->17727 17725 7ff6b7975b97 17728 7ff6b797b758 _invalid_parameter_noinfo 37 API calls 17725->17728 17726 7ff6b7975bd3 17746 7ff6b7972e08 17726->17746 17727->17725 17727->17726 17730 7ff6b7975bc1 17728->17730 17732 7ff6b796bb10 _log10_special 8 API calls 17730->17732 17735 7ff6b79623bb 

Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                    • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                    • API String ID: 4208240515-3165540532
                                                                                                                                    • Opcode ID: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                    • Instruction ID: 6004a57653a8f4f2703e372f75aaf65bc4ba140dcfb91c44ef4fa55662b4b9ee
                                                                                                                                    • Opcode Fuzzy Hash: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                    • Instruction Fuzzy Hash: 0CD16232A08B8386EB10EF78E8546A93761FF88B98F404235DB5D92AB6DF3CD145D750

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B7986EB5
                                                                                                                                      • Part of subcall function 00007FF6B7986808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798681C
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                      • Part of subcall function 00007FF6B797B844: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6B797B823,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797B84D
                                                                                                                                      • Part of subcall function 00007FF6B797B844: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6B797B823,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797B872
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B7986EA4
                                                                                                                                      • Part of subcall function 00007FF6B7986868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798687C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798711A
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798712B
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798713C
                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B798737C), ref: 00007FF6B7987163
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                    • Opcode ID: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                    • Instruction ID: 39bd5037666336b1f83ce5c3399a79ce264552e4a4dab4cb6364c46e1f0ad2c8
                                                                                                                                    • Opcode Fuzzy Hash: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                    • Instruction Fuzzy Hash: 6BD18C26E0825386EB20FF6AD8515B96761EF847D4F448136EB4DCBAA7DF3CE4418740

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                    • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                    • Instruction ID: 94551cd22de5251bd98bd5012f0edc41f2c3057fba1928851bf56f57cdf33cea
                                                                                                                                    • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                    • Instruction Fuzzy Hash: 24C1A036B28A4385EB10EFA9D4906AC3761FB49BA8B011225DB2ED77A6DF38D451C340

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                    • String ID: %s\*
                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                    • Opcode ID: d57e7e696b90763087bb52608de81a3ef4359c1814b552ec37b5c7e1afda5017
                                                                                                                                    • Instruction ID: 4e4bef1f7ca2be19094be934fdadf209b8354953ad750e4de2f7bf6a14032438
                                                                                                                                    • Opcode Fuzzy Hash: d57e7e696b90763087bb52608de81a3ef4359c1814b552ec37b5c7e1afda5017
                                                                                                                                    • Instruction Fuzzy Hash: F6411221A1C54385EB30BB78E4546B963A1FB94B94F500732D75DC36AAEF3CD646C780

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798711A
                                                                                                                                      • Part of subcall function 00007FF6B7986868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798687C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798712B
                                                                                                                                      • Part of subcall function 00007FF6B7986808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798681C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798713C
                                                                                                                                      • Part of subcall function 00007FF6B7986838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798684C
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B798737C), ref: 00007FF6B7987163
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                    • API String ID: 2776309574-3325264605

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B79673D0: _fread_nolock.LIBCMT ref: 00007FF6B796747A
                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF6B79619FB
                                                                                                                                      • Part of subcall function 00007FF6B7962020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B7961B4A), ref: 00007FF6B7962070
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                    • API String ID: 2397952137-3497178890

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                    • API String ID: 2050909247-1550345328

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF6B7963101), ref: 00007FF6B7967D44
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00007FF6B7963101), ref: 00007FF6B7967D4A
                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00007FF6B7963101), ref: 00007FF6B7967D8C
                                                                                                                                      • Part of subcall function 00007FF6B7967E70: GetEnvironmentVariableW.KERNEL32(00007FF6B7962C4F), ref: 00007FF6B7967EA7
                                                                                                                                      • Part of subcall function 00007FF6B7967E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6B7967EC9
                                                                                                                                      • Part of subcall function 00007FF6B7979174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B797918D
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                    • API String ID: 365913792-1339014028

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                    • Opcode ID: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                    • Instruction ID: 48a1a46ab83925c280a288d66d2933eec97d4e79159434fea5c754233ab6318d
                                                                                                                                    • Opcode Fuzzy Hash: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                    • Instruction Fuzzy Hash: 9A51A122A09A8385E760BB19A4407BA6291BF85B94F444235EF4EC77B7EF3CE645C740

                                                                                                                                    APIs
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6B7980316,?,?,-00000018,00007FF6B797BC5B,?,?,?,00007FF6B797BB52,?,?,?,00007FF6B7976EFE), ref: 00007FF6B79800F8
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6B7980316,?,?,-00000018,00007FF6B797BC5B,?,?,?,00007FF6B797BB52,?,?,?,00007FF6B7976EFE), ref: 00007FF6B7980104
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                    • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                    • Instruction ID: d2e04223ced88ceb13463578c2fa9ce095faabb4bb44e78589a2b5da4d0795d1
                                                                                                                                    • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                    • Instruction Fuzzy Hash: B441C022B1AA4345FA15EF1EA80067522A1BF49BE0F084135DF2ED77A6EF7DE445C300

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF6B7962BC5), ref: 00007FF6B7962AA1
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B7962BC5), ref: 00007FF6B7962AAB
                                                                                                                                      • Part of subcall function 00007FF6B7962310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B7962360
                                                                                                                                      • Part of subcall function 00007FF6B7962310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B796241A
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                    • API String ID: 4002088556-2863816727
                                                                                                                                    • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                    • Instruction ID: d163e186fb902545740b755f5702483ee74828f82fca03baacea61e7f3612953
                                                                                                                                    • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                    • Instruction Fuzzy Hash: 83214161B1864381FB60BB2CE8153B62260FF49794F800236E75DC65F7EE2CE7048784

                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                    • Instruction ID: f6a68e91d677feff32aef6672eb36b6f5fee02a9aef14de13f78695aa0f1d370
                                                                                                                                    • Opcode Fuzzy Hash: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                    • Instruction Fuzzy Hash: 9AC1C532A0CA8391E751AB1D94442BD2B98EF86B90F595531EB6E837F3CF7CE8458740

                                                                                                                                    Similarity
                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                    • Opcode ID: cf92fa18b9e00c3d9d6dbbac75613ba75212e4a615f40cb6368d246a710d7e34
                                                                                                                                    • Instruction ID: 45281c874f85086b768c6b44e2074150a6b544e5ab4e2484159b3becd87e28be
                                                                                                                                    • Opcode Fuzzy Hash: cf92fa18b9e00c3d9d6dbbac75613ba75212e4a615f40cb6368d246a710d7e34
                                                                                                                                    • Instruction Fuzzy Hash: 3C212331A0CA4391EB50AF69A44462AA7A1EF85BF0F100335D76DC3BFADF6CD5458740

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetCurrentProcess.KERNEL32 ref: 00007FF6B7967BD0
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: OpenProcessToken.ADVAPI32 ref: 00007FF6B7967BE3
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetTokenInformation.KERNELBASE ref: 00007FF6B7967C08
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetLastError.KERNEL32 ref: 00007FF6B7967C12
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetTokenInformation.KERNELBASE ref: 00007FF6B7967C52
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6B7967C6E
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: CloseHandle.KERNEL32 ref: 00007FF6B7967C86
                                                                                                                                    • LocalFree.KERNEL32(00000000,00007FF6B7963099), ref: 00007FF6B796864C
                                                                                                                                    • LocalFree.KERNEL32 ref: 00007FF6B7968655
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                    • Opcode ID: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                                                                                    • Instruction ID: a457fd5b9c57b5c90022e46c25fd8ce8d9ae435fb8463d375d8835dc5417ee6c
                                                                                                                                    • Opcode Fuzzy Hash: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                                                                                    • Instruction Fuzzy Hash: 18216B21A08A4382F750BB28E5106EA62A1EF88780F945131EB4DD37A7DF3CDA448780
                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6B79628EC,FFFFFFFF,00000000,00007FF6B796336A), ref: 00007FF6B7967372
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                    • Opcode ID: 8483aebf73e132e5a1e11bd86e0dae461c6ec9d36d7fd58fe1f5dbf943300de9
                                                                                                                                    • Instruction ID: 61877e850d5ef7d61153ec58947723f1b9e133b639fb29487e7f2ee848b84086
                                                                                                                                    • Opcode Fuzzy Hash: 8483aebf73e132e5a1e11bd86e0dae461c6ec9d36d7fd58fe1f5dbf943300de9
                                                                                                                                    • Instruction Fuzzy Hash: 74319821619AC785EB21AB29E4507BA6355EB84BE0F440331EF6DC77EAEE2CD3458740
                                                                                                                                    APIs
                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B797DE4B), ref: 00007FF6B797DF7C
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B797DE4B), ref: 00007FF6B797E007
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                    • Opcode ID: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                                                                                    • Instruction ID: 4e02e004eaebba3e0e2a4cc58bb0726a06039fe2033691009da1a24654edde12
                                                                                                                                    • Opcode Fuzzy Hash: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                                                                                    • Instruction Fuzzy Hash: 51919F32F1865389F760AF6D94402BD2BA0BB45B88F544139DF0EA7AA6DF3CE442D701
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                    • Opcode ID: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                                                                                    • Instruction ID: 08f64193a88d019a8c6830437770f327a80ae83f9d679bb967d3d332eb4c5941
                                                                                                                                    • Opcode Fuzzy Hash: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                                                                                    • Instruction Fuzzy Hash: 6251B072F042178AFB14EF6C99956BC2AA5AB00398F510239DF1ED6AF6DF38E4418700
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                    • Opcode ID: 77215611d5833cc4261aa3ce6efef3cbe316a0555a56b2abfd6bea145bf69a9d
                                                                                                                                    • Instruction ID: 1ede397997efe24a2dfd204eab3e7815542f95540b4093516275db8da9a06dff
                                                                                                                                    • Opcode Fuzzy Hash: 77215611d5833cc4261aa3ce6efef3cbe316a0555a56b2abfd6bea145bf69a9d
                                                                                                                                    • Instruction Fuzzy Hash: B7516E22E086438AF714EF79D4503BD27B1AF48B98F144539DF0E9B6AADF38D4518750
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                    • Opcode ID: 6ce4c88b6d2478032947ca8abe21e63121e2028da5231a2800b2a2486ebac064
                                                                                                                                    • Instruction ID: 50b4213362df1d59f137e6698c18ded17fdcc238f71871929ecb457a086ddc1f
                                                                                                                                    • Opcode Fuzzy Hash: 6ce4c88b6d2478032947ca8abe21e63121e2028da5231a2800b2a2486ebac064
                                                                                                                                    • Instruction Fuzzy Hash: D2419222E18B8383E754AB2595103A96260FF957A4F109334E79D83AE7EF6CA5E08740
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                    • Opcode ID: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                                                                                    • Instruction ID: 0fe3963dc8aa7991a3a858cf50c2e412519600cd6bb4841f527815dabcfaff88
                                                                                                                                    • Opcode Fuzzy Hash: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                                                                                    • Instruction Fuzzy Hash: 8CD09210B0C60342EA5CBB7D5C9527912519F8CBA1F012838CA8F863B3CE2DE8595720
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                    • Instruction ID: 8d5e653d89a6e57d740953ff50b58351a27fbe6cf7cabfe564a0a7376aa2d63e
                                                                                                                                    • Opcode Fuzzy Hash: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                    • Instruction Fuzzy Hash: 4C519562B0968786FB64BB2D940067A6692BF44BA4F184734EF6D877F7CF3CD5018640
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1236291503-0
                                                                                                                                    • Opcode ID: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                                                                                    • Instruction ID: de63cd92c77f3cb9fb2eb90c382b6e67c208ed39d6b407df740eb05d7495152f
                                                                                                                                    • Opcode Fuzzy Hash: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                                                                                    • Instruction Fuzzy Hash: 0A311821E0C64342EB58BB6D95513B92292AF4AB84F845235FB5EC72F7DE2CF6048390
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHandleType
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                    APIs
                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6B797D020,?,?,?,?,?,00007FF6B797D129), ref: 00007FF6B797D080
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF6B797D020,?,?,?,?,?,00007FF6B797D129), ref: 00007FF6B797D08A
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                    APIs
                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B79767F5), ref: 00007FF6B7976913
                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B79767F5), ref: 00007FF6B7976929
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF6B797B8DD,?,?,00000000,00007FF6B797B992), ref: 00007FF6B797BACE
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B797B8DD,?,?,00000000,00007FF6B797B992), ref: 00007FF6B797BAD8
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                    • Opcode ID: 78c35fc7c6e2b8000ddfa863f9affaf41ca53d2f0572e0ba78e1a207ed009a92
                                                                                                                                    • Instruction ID: 08a8800bb04859b189d95420386e75bca66aeaef110646d3bc62e7bcf3008d4a
                                                                                                                                    • Opcode Fuzzy Hash: 78c35fc7c6e2b8000ddfa863f9affaf41ca53d2f0572e0ba78e1a207ed009a92
                                                                                                                                    • Instruction Fuzzy Hash: 82218132E097478AEB29AF6CC8842ED33A0EB04758F150635D76D86AE6EF38D594C744
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                                                                                    • Instruction ID: ad97f9c560f11bc4761d2c8c147f11d489da664d2bdfce4069b025a6914620c3
                                                                                                                                    • Opcode Fuzzy Hash: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                                                                                    • Instruction Fuzzy Hash: 09117522A1C64381FA61BF59D40127EA360BF85B80F444035EB4ED7BA7DF3DD8518750
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                                                                                    • Instruction ID: 90bea9dc51c43a8b3e3ecfde62f3e993e5a16408433f6d285b29f5f4e0bedede
                                                                                                                                    • Opcode Fuzzy Hash: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                                                                                    • Instruction Fuzzy Hash: B6213372A18A8386DB61AF5CD44037976A1EB94B94F544334E75DC76E6DF3DD4408B00
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                    • Instruction ID: 8c41885740010132f9adeac5aec84913b090092b223f9924a0439a2e3089db27
                                                                                                                                    • Opcode Fuzzy Hash: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                    • Instruction Fuzzy Hash: 9B016121A08B4381EA44AB5A9901179A696BF95FE0F484631EF6C97BFBDF3CE5018740
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 1708b530f5072f472fe09baedec27f5756de37f3e343805e4a7815c0544b33da
                                                                                                                                    • Instruction ID: e5ba32d8520138dd22f9063a71dc2439a9db6966618ecac3b558539a9145f861
                                                                                                                                    • Opcode Fuzzy Hash: 1708b530f5072f472fe09baedec27f5756de37f3e343805e4a7815c0544b33da
                                                                                                                                    • Instruction Fuzzy Hash: A2019E20F0D64380FEA27B6D6641E7965A4AF40BA0F044234EB1CE26F7DF3CB4514201
                                                                                                                                    APIs
                                                                                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6B796C3F0
                                                                                                                                      • Part of subcall function 00007FF6B796CE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6B796CE20
                                                                                                                                      • Part of subcall function 00007FF6B796CE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6B796CE25
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1208906642-0
                                                                                                                                    • Opcode ID: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                                                                                    • Instruction ID: 27575bb9167b972cc8ee2836ab6cb33b2a63bce0b54ea9f4e7bcf7d121b463e6
                                                                                                                                    • Opcode Fuzzy Hash: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                                                                                    • Instruction Fuzzy Hash: 75E0B620D0E24381FF653B6D14522B906511F27344F901675FB7DD22F3DE0DF65622A6
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: ca4321753697ca9e26add91f4c87d6fa1af88743aafd66e8485bee4c71de2195
                                                                                                                                    • Instruction ID: 601f3d1f41a3fbfcad50db1e074a4165b44120a3a359339350ec63bc74dfab30
                                                                                                                                    • Opcode Fuzzy Hash: ca4321753697ca9e26add91f4c87d6fa1af88743aafd66e8485bee4c71de2195
                                                                                                                                    • Instruction Fuzzy Hash: 1FE0E261E082078AFB667BE845866BC1150CF18360F544074EB28962E3DF2D6C656722
                                                                                                                                    APIs
                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF6B797C22A,?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392), ref: 00007FF6B797FE59
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                    • Opcode ID: e5baedaef9e1aefb999d7e678a491e2cb8f7af630fb86e3f47b81283e20e243b
                                                                                                                                    • Instruction ID: 0f6be29efef8f4255632546a2e39c8eec0a8b4a5cec7b0e5f7be16e0a3edc206
                                                                                                                                    • Opcode Fuzzy Hash: e5baedaef9e1aefb999d7e678a491e2cb8f7af630fb86e3f47b81283e20e243b
                                                                                                                                    • Instruction Fuzzy Hash: 7EF09050B19607C5FE587BAD99153B452925F88B80F0C4430CF0EDA3F3EF2CE5824220
                                                                                                                                    APIs
                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF6B7970268,?,?,?,00007FF6B79718D2,?,?,?,?,?,00007FF6B7974595), ref: 00007FF6B797E702
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                    • Opcode ID: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                    • Instruction ID: 59053278af22aae22f5d1125ea005bb10529a38beadb9fbd49b6068a87c4253b
                                                                                                                                    • Opcode Fuzzy Hash: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                    • Instruction Fuzzy Hash: FDF01211F1D20349FE687BA9594527512805F447A0F084630EF2EC93F3EF2CE8508612
                                                                                                                                    APIs
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C50
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C62
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C99
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CAB
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CC4
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CD6
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CEF
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D01
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D1D
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D2F
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D4B
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D5D
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D79
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D8B
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DA7
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DB9
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DD5
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DE7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                    • Opcode ID: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                    • Instruction ID: 71f57f5da4639ef557f696a3b37ffc328eaaf273a7949bf2d6977bf74f176beb
                                                                                                                                    • Opcode Fuzzy Hash: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                    • Instruction Fuzzy Hash: 4922E524D0EB0799FA45FF6CB8649B423B1AF58BC0B941135DA1E86372EF3CB649D250
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                    • Opcode ID: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                                                                                    • Instruction ID: 9f0662ac068b00c55a060c33bfd8692a87be14d88556551cd77ec9f76c07a101
                                                                                                                                    • Opcode Fuzzy Hash: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                                                                                    • Instruction Fuzzy Hash: D0B2B472A182838BE7659F68D440BFD37A1FB543C4F545135DB0E9BA96EF38A904CB40
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                    • API String ID: 0-2665694366
                                                                                                                                    • Opcode ID: 4827148dd37d06b9a23a2cb7d22b3f776e5342dd5831b168843cb21776e0705c
                                                                                                                                    • Instruction ID: ca8c1d969989b1d2e85be2d19ae488d800e47f46b4a2ae1ffffd0dd714a41a22
                                                                                                                                    • Opcode Fuzzy Hash: 4827148dd37d06b9a23a2cb7d22b3f776e5342dd5831b168843cb21776e0705c
                                                                                                                                    • Instruction Fuzzy Hash: 2B52D672A186A78BE7589F18C558B7E3BA9FB44340F014239E74A87791DF3DDA44CB80
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                    • Opcode ID: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                                                                                    • Instruction ID: ba244204189bb65371f6442375a22464b7b6657714b297d21dc3e20a7b7a9f4d
                                                                                                                                    • Opcode Fuzzy Hash: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                                                                                    • Instruction Fuzzy Hash: 37314D72609B8386EB64AF68E8407ED7364FB88744F44403ADB4D87BA5DF38D648C710
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                    • Opcode ID: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                    • Instruction ID: f55ea423b58cb7319b7af1ec2b96304b94aea2717a3627f8cd9cc55bff8222df
                                                                                                                                    • Opcode Fuzzy Hash: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                    • Instruction Fuzzy Hash: D7314136608F8385DB64DB29E8406AD73A4FB88798F540135EB9D83B65DF38D555CB00
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                    • Opcode ID: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                                                                                    • Instruction ID: ed00c62b0a6020271656a83ed606232297430cfcd67fc3df4d4f01a6aee06b4f
                                                                                                                                    • Opcode Fuzzy Hash: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                                                                                    • Instruction Fuzzy Hash: 1CB1B526B1869381EE60EB29D8006B967A1EB44BE4F445132EF5E87BE7DF3CE541C300
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    • Opcode ID: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                                                                                    • Instruction ID: ab2789081b49076c81472bffad7b64106b9326d7dc65968edff7fd55349347c9
                                                                                                                                    • Opcode Fuzzy Hash: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                                                                                    • Instruction Fuzzy Hash: 1A112E22B15F038AEB00EF68E8552B833A4FB19B58F441E35DB6D867A5DF7CE1548350
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memcpy_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                    • Opcode ID: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                                                                                    • Instruction ID: fdefc459cfded7b882e8771eeda3692942151d18914f474ffecce2e610034728
                                                                                                                                    • Opcode Fuzzy Hash: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                                                                                    • Instruction Fuzzy Hash: 28C1E172B1928787EB24DF19A04466AB7A1FB84BC4F448135DB4E877A5EF3DE805CB40
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                    • API String ID: 0-1127688429
                                                                                                                                    • Opcode ID: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                                                                                    • Instruction ID: 14967164b0afe6090e0698e8a4fcba06a6e2f2c6c972104516da773b6dcb5c7c
                                                                                                                                    • Opcode Fuzzy Hash: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                                                                                    • Instruction Fuzzy Hash: 84F18472A183D746E795AF1DC088B3A7AE9EF45754F054638DB49877A2CF38D640C780
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                    • Opcode ID: e29282b711dd5704c0e64fe7638cddbeeb7149a3015151b68882fd3146651568
                                                                                                                                    • Instruction ID: 7980449f31ba82413bd13f7c748081c71e1c473c2e8f596b7c8f9144a4c562b9
                                                                                                                                    • Opcode Fuzzy Hash: e29282b711dd5704c0e64fe7638cddbeeb7149a3015151b68882fd3146651568
                                                                                                                                    • Instruction Fuzzy Hash: 75B11773608B8A8BEB199F2DC8463687BA0F744B88F158A25DB5D87BB5CF39D451C700
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $
                                                                                                                                    • API String ID: 0-227171996
                                                                                                                                    • Opcode ID: 5ebab5a2817f928350dc9776a3da4b540f16bc97e78530f340af468d76ff9f5e
                                                                                                                                    • Instruction ID: 78bf87669d95f021379138700212cebc1a4da06789b512e52552df2f31647f52
                                                                                                                                    • Opcode Fuzzy Hash: 5ebab5a2817f928350dc9776a3da4b540f16bc97e78530f340af468d76ff9f5e
                                                                                                                                    • Instruction Fuzzy Hash: 78E18972A1864782EB68AF2D805017D33A0FB45B88F645235DF5E8B7B7DF29E852C740
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: incorrect header check$invalid window size
                                                                                                                                    • API String ID: 0-900081337
                                                                                                                                    • Opcode ID: 8c4c8a6a705a7cf803fa5291bdc529627e531fe0bdcc095ab807ab19af6e2c49
                                                                                                                                    • Instruction ID: 8547005391f97c7b433042edaf853ff3676b5e7a3176065849b80ea812ab18af
                                                                                                                                    • Opcode Fuzzy Hash: 8c4c8a6a705a7cf803fa5291bdc529627e531fe0bdcc095ab807ab19af6e2c49
                                                                                                                                    • Instruction Fuzzy Hash: 69919972A182C747E7A59F1CC458B3A3AADFB44354F114239DB4A867E5DF38DA40CB81
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                    • Opcode ID: ab39e04084c8b9065030c447a5361eb1aff85978d5a2f70618a83e2e92251626
                                                                                                                                    • Instruction ID: 3bafa9f9ee221c034ff50b94459c16c139ca918b24c00194143adfb325ab2507
                                                                                                                                    • Opcode Fuzzy Hash: ab39e04084c8b9065030c447a5361eb1aff85978d5a2f70618a83e2e92251626
                                                                                                                                    • Instruction Fuzzy Hash: BB513822B186C786E724DB39D80176967A2E745B94F489231CBAC87BE6DF3DD4468700
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: gfffffff
                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                    • Opcode ID: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                                                                                    • Instruction ID: 8b2c6448d5d221777d5e70f585d0028430c6e175fad4179029dbd5cc62d33412
                                                                                                                                    • Opcode Fuzzy Hash: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                                                                                    • Instruction Fuzzy Hash: C9A13662B087878AEB21DF29A4407AD7B91EB50B84F098531DF8D877A6DF3DE501C702
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: TMP
                                                                                                                                    • API String ID: 3215553584-3125297090
                                                                                                                                    • Opcode ID: 2d09a8d0b3f9f3e3f4726bcb3549591c54293473ccc366ec5b1b4d61c621e7ad
                                                                                                                                    • Instruction ID: 3b5f9dc1cf4962d8a7db37823f8b7c351cf2def0521b1f9e7cab2caff2cce739
                                                                                                                                    • Opcode Fuzzy Hash: 2d09a8d0b3f9f3e3f4726bcb3549591c54293473ccc366ec5b1b4d61c621e7ad
                                                                                                                                    • Instruction Fuzzy Hash: F9514A15B0864381FA68BB2F99125BA5291EF85BE4F484535DF0ECB7B7EF3CE4468200
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                    • Opcode ID: b79ea0c05b8e708bf2e7ff1fe6aa0946c24d08db99ce40c7e012d78a6a9acfe9
                                                                                                                                    • Instruction ID: 5ab8f0cb9e01c723f501b75a71ad17b13f8bd1bde5f9efc08050bfa0eeedda2c
                                                                                                                                    • Opcode Fuzzy Hash: b79ea0c05b8e708bf2e7ff1fe6aa0946c24d08db99ce40c7e012d78a6a9acfe9
                                                                                                                                    • Instruction Fuzzy Hash: 4FB09220F17A03C6EA483F996C8221422B47F48B40FA44038C60CD1331DE2C20A66B10
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 9a295c8423642c4cbe815a0aaaea0e47db4d1eedc62cb34c9aae5a631900bf27
                                                                                                                                    • Instruction ID: a04bfff21367b8491c69e25a797aada3ea4ff07ed498be9bbd2058c9ee9a9ed1
                                                                                                                                    • Opcode Fuzzy Hash: 9a295c8423642c4cbe815a0aaaea0e47db4d1eedc62cb34c9aae5a631900bf27
                                                                                                                                    • Instruction Fuzzy Hash: 6761A122E1C29346F765ABAC849467D6681EF417A0F184639DB2DC7BE7EE7DE840C700
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                    • Instruction ID: d3fe357924981d94e821f116748a6c5adb2d031760036b0a0bd3764466b4df18
                                                                                                                                    • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                    • Instruction Fuzzy Hash: D6515F36A5865387E7249F2DD05027827A1EB84F68F244231CB4D9B7A6DF3AEC53C780
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                    • Instruction ID: fb4b45a41f389d19580ed940beca8364f514e5d65c49f488245e59f6662bf80c
                                                                                                                                    • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                    • Instruction Fuzzy Hash: 55515076A1865386E7249F2DC09122837B1EB89B68F244131DB4D977A6DF3AE853C780
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                    • Instruction ID: 0f69958feecf439c69a1c007d386d4573da407c8e3cd83b6c4f6d7e52e7dd1f0
                                                                                                                                    • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                    • Instruction Fuzzy Hash: A4516136A5865387E7249F2DC05522837A0EBC5F68F244231DB4D97BA6DF3AE843C780
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                    • Instruction ID: 9b86646b55027a3d4c6a0624d639da18edcbb7b88d9669c0f841187c38134e9c
                                                                                                                                    • Opcode Fuzzy Hash: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                    • Instruction Fuzzy Hash: 63516E36A6865387E7249F2DC04462937A1EB85F58F244131CF4D9B7B6DF3AE842C740
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                    • Instruction ID: 5c7291759b8a169d60fa9d058fb673a93ba2301f1a8c3858f5b7cfd085a48a40
                                                                                                                                    • Opcode Fuzzy Hash: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                    • Instruction Fuzzy Hash: 52516436A58A5387E7249F2DC04423927A0EB85F58F684131CF4D977B6DF3AE842C780
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                    • Instruction ID: 2245671e37bf0e55647281680d0a8ea84f0f2d1865ecc6ad00b61ad955c9063d
                                                                                                                                    • Opcode Fuzzy Hash: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                    • Instruction Fuzzy Hash: B0517D76A28B5786F7649B2DC08022D37A0EB85B58F244131CF8D977A6DF3AE852C740
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                    • Instruction ID: c5f0a204c8eb908b164349d1557863e07cf912cd3d052a47bc1e0148f0f762fc
                                                                                                                                    • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                    • Instruction Fuzzy Hash: 7D41E692C1968B04E9969B1C49046B426909F53BB0F5822B4CF9FA73F7DF0E25A6C310
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                    • Opcode ID: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                                                                                    • Instruction ID: 4cfc7e5397c6361f9aed3042325c3437236985af77d7b74318a5fc048d249502
                                                                                                                                    • Opcode Fuzzy Hash: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                                                                                    • Instruction Fuzzy Hash: 9541C062B18A5682EF08DF2ED915169A3A1FB48FC0B499032EF0DD7B69EF3DD0418300
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                    • Instruction ID: 299bc5f2f291fb3463fb5ff888e2b05c85490db916ad6fb62060d03f3eb30f8a
                                                                                                                                    • Opcode Fuzzy Hash: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                    • Instruction Fuzzy Hash: 0131A23271CB8382E764AF2AA44116D66A5EF85BA0F144238EB5D97BA7DF3CD4118704
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                    • Instruction ID: 7dff6bc1e2e5619fb4643dc2793bd611d21d14fb030e2cbcd1f0b3959b07d14a
                                                                                                                                    • Opcode Fuzzy Hash: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                    • Instruction Fuzzy Hash: 37F06872F292978ADB94EF2DA44262977E0F7483C4F908439D68DC3B15DE7C90518F04
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                    • Instruction ID: 3ece97f5aa9fc15b7fbd02f2d9c634587743d3ee8aee8e3559ee72d9ff272bfa
                                                                                                                                    • Opcode Fuzzy Hash: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                    • Instruction Fuzzy Hash: CFA00161908883D0F654AB08AA514202260BB55B50B400132E22DC10B2DF2CE9009290
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                    • API String ID: 199729137-3427451314
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B7968950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B7963A04,00000000,00007FF6B7961965), ref: 00007FF6B7968989
                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6B7967CF7,FFFFFFFF,00000000,?,00007FF6B7963101), ref: 00007FF6B796766C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                    • API String ID: 2001182103-930877121
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B7962360
                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B796241A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentFormatMessageProcess
                                                                                                                                    • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                                                                                    • API String ID: 27993502-4247535189
                                                                                                                                    • Opcode ID: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                    • Instruction ID: 9977d124b9e7fdd9d24d8c21739ac2d276884502477f7ee63b7a2a2a0a1758a3
                                                                                                                                    • Opcode Fuzzy Hash: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                    • Instruction Fuzzy Hash: 5F31B322B0864341E720BB69B8106AA72A5BF84BD5F400235EF4DD7B6BDF3CD606C740
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D2DD
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D2EB
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D315
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D383
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D38F
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                    • String ID: api-ms-
                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                    • Opcode ID: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                    • Instruction ID: e688300b0b96312ccdfeed5264eaa4df25a11ef7ebdbda52765fcb632acad364
                                                                                                                                    • Opcode Fuzzy Hash: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                    • Instruction Fuzzy Hash: D6319221A1AA4391EF11BB0AA800A7523A4BF49FA4F590635DF2DC73A2DF3CE545A350
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                    • Opcode ID: 57f2e03855a98cc957638366e02885260eb86ee0512a8128b0f554b17f515a16
                                                                                                                                    • Instruction ID: fe38ed45069b780fe4dcc508314d2db0f74d63348237e7f30eeefb9716efc35e
                                                                                                                                    • Opcode Fuzzy Hash: 57f2e03855a98cc957638366e02885260eb86ee0512a8128b0f554b17f515a16
                                                                                                                                    • Instruction Fuzzy Hash: 98417F31A19A8791EB21FB28E4541E96325FB54794F800232EB5DC76A7EF3CE715C780
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                    • Opcode ID: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                                                                                    • Instruction ID: 680552bfcf8af2201087af03a3fcd70d586e5e00fcd7c60b69efd43862018e64
                                                                                                                                    • Opcode Fuzzy Hash: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                                                                                    • Instruction Fuzzy Hash: 94214920F0D24782FA68B72D964127952669F457F1F144734DB3ED66F7EF6CA8418340
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                    • String ID: CONOUT$
                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                    • Opcode ID: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                    • Instruction ID: 7f56145cd418018a7676e4ebc240a231f443dad7d83be1862fe4fb74db97fe4d
                                                                                                                                    • Opcode Fuzzy Hash: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                    • Instruction Fuzzy Hash: 6F115B21B18A4386F750AB5AE88472962B0FB98FE4F144234EB6DC77A6DF7CD9048740
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32(FFFFFFFF,?,?,00000000,00007FF6B7968706), ref: 00007FF6B79679E2
                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967A39
                                                                                                                                      • Part of subcall function 00007FF6B7968950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B7963A04,00000000,00007FF6B7961965), ref: 00007FF6B7968989
                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967AC8
                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B34
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B45
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B5A
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                    • Opcode ID: e394586919bb787c5c57ed27fc0ac332066dc84938bb9692acbe845e24378f8e
                                                                                                                                    • Instruction ID: e1f41cecbdb4f53d55bf0e126e2e0e103c2e26ba85ea4d3b8ade35c3079ba77b
                                                                                                                                    • Opcode Fuzzy Hash: e394586919bb787c5c57ed27fc0ac332066dc84938bb9692acbe845e24378f8e
                                                                                                                                    • Instruction Fuzzy Hash: 39419461B1968381EB30AF29A5406BA63A4FF44BD4F440235DF9DD77AAEE3CD601C740
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C1D7
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C20D
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C23A
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C24B
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C25C
                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C277
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                    • Opcode ID: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                                                                                    • Instruction ID: 4c0add20af9be584a1d42f773088f9d9553c17d5b95b9232758f2b05f1ec9440
                                                                                                                                    • Opcode Fuzzy Hash: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                                                                                    • Instruction Fuzzy Hash: A5110620B0D64382FA58B7AD969117961569F89BF0F144734EF3E966F7EE6CE8418300
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                    • Opcode ID: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                                                                                    • Instruction ID: ec3a9dd274b0fb89ceaa9ec63f6970c0ed9712ba032088541d0846eae8d6d706
                                                                                                                                    • Opcode Fuzzy Hash: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                                                                                    • Instruction Fuzzy Hash: 8AF06D61B19A0391FA18AB6CE44473A6370EF99BA1F540639DB6E862F6CF2CD045C760
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _set_statfp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                    • Instruction ID: bb3bb628df156aa28b9de56c2510b169622d2cc53749e304f7d9a0a4a20cddde
                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                    • Instruction Fuzzy Hash: 8711E622E5CE0309F66D236CA9963792150EF593E4E184734EB6ED66FBCE6CA8518240
                                                                                                                                    APIs
                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2AF
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2CE
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2F6
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C307
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C318
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                    • Opcode ID: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                                                                                    • Instruction ID: ac6df5796b0436ad4355aea92c126b6fd432c4cc0753346026dd087295f4f9fb
                                                                                                                                    • Opcode Fuzzy Hash: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                                                                                    • Instruction Fuzzy Hash: 2B113760F0D64742FAA8B36DA68117921569F453B0F584734EE3E966F7EF2CE8028300
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                    • Opcode ID: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                                                                                    • Instruction ID: 268024bb72bea891b6366a77daeab58c16ffd9772dc35961949ee74ee62bd2b9
                                                                                                                                    • Opcode Fuzzy Hash: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                                                                                    • Instruction Fuzzy Hash: 8911B710E0D20782F9A8F77D59521B912964F46374F584B34EB3EDA2F3EE6CB8418350
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Process$ConsoleCurrentShowSleepThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3908687701-0
                                                                                                                                    • Opcode ID: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                                                                                    • Instruction ID: e1c670530e16222d1ccc6fa321749f5704d2e62df78f311d9dffd6de56f2e070
                                                                                                                                    • Opcode Fuzzy Hash: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                                                                                    • Instruction Fuzzy Hash: 19018120F1874382EB58AB29A48483963A0EF48FC4F045275DB4FD267EDE3CE9519750
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: verbose
                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                    • Opcode ID: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                    • Instruction ID: 961764159b175da69427d5a293ca4c7b49f512575b50088fa79059620607de9a
                                                                                                                                    • Opcode Fuzzy Hash: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                    • Instruction Fuzzy Hash: E191BE32A08A4781FB61AF28D85077D37A1AB44B98F484136DB5EC73E6DF3CE8458311
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                    • Opcode ID: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                                                                                    • Instruction ID: e6b5a7adb54c90ba5b81a9383053b2f6210a2442685ad730d6189e1bf86bb659
                                                                                                                                    • Opcode Fuzzy Hash: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                                                                                    • Instruction Fuzzy Hash: 7781CD72E4C28385F765AF2D865127936A0AB11BC8F658039DB0ED72B7CF3DE9018701
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2395640692-1018135373
                                                                                                                                    • Opcode ID: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                                                                                    • Instruction ID: 599d1db9eaa8327d45410cab18917cc2a251ff4fbdd1c45c5962e528b7aa9b47
                                                                                                                                    • Opcode Fuzzy Hash: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                                                                                    • Instruction Fuzzy Hash: 5351B232B196038ADB14EF19D054A7837A5EB45B98F108231EB6D877AADF3DF941C780
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                    • String ID: csm$csm
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF6B796866F), ref: 00007FF6B796226E
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                                                                                    APIs
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                    • String ID: ?
                                                                                                                                    APIs
                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B7979F82
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6B796C165), ref: 00007FF6B7979FA0
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                    • String ID: C:\Users\user\Desktop\7zip.exe
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                    • String ID: U
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B7961B4A), ref: 00007FF6B7962070
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: %s: %s$[PYI-%d:ERROR]
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                    • String ID: :
                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                    • Opcode ID: e405b3d95a77a686cd9e65060fb5efdbb8b04b637a4feec6827f9fe163836890
                                                                                                                                    • Instruction ID: 4f8b99b7045a48e39c631de8066ddb2142eb0d00119e71f717edcb91f987b1cd
                                                                                                                                    • Opcode Fuzzy Hash: e405b3d95a77a686cd9e65060fb5efdbb8b04b637a4feec6827f9fe163836890
                                                                                                                                    • Instruction Fuzzy Hash: A0219432B0868381FB24AB1DD45426D63B1FB88B88F854135DB4D836A6DF7DE985C790
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6B7961B79), ref: 00007FF6B7961E9E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: ERROR$[PYI-%d:%s]
                                                                                                                                    • API String ID: 2050909247-3005936843
                                                                                                                                    • Opcode ID: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                                                                                    • Instruction ID: 3b9d8cbf1e6e471b0205e96ad95eebb4b0deab1a394b34660864f0a13ee13cd3
                                                                                                                                    • Opcode Fuzzy Hash: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                                                                                    • Instruction Fuzzy Hash: D2119332A19B8382E720AB59B4816EA7364EF887C4F400135FB8D83B6ADE7CD2558740
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6B79628DA,FFFFFFFF,00000000,00007FF6B796336A), ref: 00007FF6B796218E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: WARNING$[PYI-%d:%s]
                                                                                                                                    • API String ID: 2050909247-3752221249
                                                                                                                                    • Opcode ID: 28628bd70d5a97629098dcd42eabd330bee057474c06a66384895197b474a4b9
                                                                                                                                    • Instruction ID: c716a2d09c99e0acc954e0dad45d603b8627cfb33dd58643ec2b9c5a36307f73
                                                                                                                                    • Opcode Fuzzy Hash: 28628bd70d5a97629098dcd42eabd330bee057474c06a66384895197b474a4b9
                                                                                                                                    • Instruction Fuzzy Hash: AA119372A19B8381E720AB59B8816EA7364FF887C4F400135FB8D83B6ADF7CD2558740
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                    • Opcode ID: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                                                                                    • Instruction ID: 17c228804760a4833a2be2217540e875bf6da08c350a7df89683fa9a987ba304
                                                                                                                                    • Opcode Fuzzy Hash: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                                                                                    • Instruction Fuzzy Hash: 3C116D32608B8282EB209F29F440669B7E1FB88B98F184230DF8D47769DF3CD651CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2108567658.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2108219965.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109039646.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109131643.00007FF6B79A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000000.00000002.2109181438.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                    • String ID: :
                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                    • Opcode ID: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                                                                                    • Instruction ID: ab4c5b6923f647a9bb9752bcb0e398dbbb940cf285e391c5f9e0334087861c7a
                                                                                                                                    • Opcode Fuzzy Hash: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                                                                                    • Instruction Fuzzy Hash: DF014F22A1C60386F760BF68E4622BE63A0EF48744F941539D74DC66A7EF3DE544CA14

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:683
                                                                                                                                    Total number of Limit Nodes:20
47296->47301 47323 7ff6b7961e50 81 API calls _log10_special 47297->47323 47299 7ff6b7961262 47299->47285 47305 7ff6b79612c6 47300->47305 47314 7ff6b79612e9 memcpy_s 47300->47314 47324 7ff6b7975e48 11 API calls _get_daylight 47301->47324 47303 7ff6b7961296 47325 7ff6b7962020 87 API calls _log10_special 47303->47325 47326 7ff6b7975e48 11 API calls _get_daylight 47305->47326 47307 7ff6b796f8f4 _fread_nolock 53 API calls 47307->47314 47308 7ff6b79612cb 47327 7ff6b7962020 87 API calls _log10_special 47308->47327 47310 7ff6b79612af __vcrt_freefls 47310->47285 47311 7ff6b79613af 47329 7ff6b7961e50 81 API calls _log10_special 47311->47329 47314->47307 47314->47310 47314->47311 47315 7ff6b796f668 37 API calls 47314->47315 47328 7ff6b7970034 76 API calls 47314->47328 47315->47314 47316->47270 47317->47275 47318->47285 47319->47281 47320->47285 47321->47291 47322->47285 47323->47299 47324->47303 47325->47310 47326->47308 47327->47310 47328->47314 47329->47310 47330->47002 47333 7ff6b797591e 47331->47333 47332 7ff6b7975943 47349 7ff6b797b758 37 API calls 2 library calls 47332->47349 47333->47332 47334 7ff6b797597f 47333->47334 47350 7ff6b79727b8 49 API calls _invalid_parameter_noinfo 47334->47350 47337 7ff6b797596d 47339 7ff6b796bb10 _log10_special 8 API calls 47337->47339 47338 7ff6b7975a5c 47340 7ff6b797b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 47338->47340 47342 7ff6b7961ca8 47339->47342 47340->47337 47341 7ff6b7975a16 47341->47338 47343 7ff6b7975a80 47341->47343 47344 7ff6b7975a31 47341->47344 47345 7ff6b7975a28 47341->47345 47342->46741 47343->47338 47346 7ff6b7975a8a 47343->47346 47351 7ff6b797b464 47344->47351 47345->47338 47345->47344 47348 7ff6b797b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 47346->47348 47348->47337 47349->47337 47350->47341 47352 7ff6b797b469 RtlFreeHeap 47351->47352 47353 7ff6b797b498 47351->47353 47352->47353 47354 7ff6b797b484 GetLastError 47352->47354 47353->47337 47355 7ff6b797b491 
Concurrency::details::SchedulerProxy::DeleteThis 47354->47355 47357 7ff6b7975e48 11 API calls _get_daylight 47355->47357 47357->47353 47359 7ff6b7976e88 47358->47359 47360 7ff6b7976eae 47359->47360 47363 7ff6b7976ee1 47359->47363 47389 7ff6b7975e48 11 API calls _get_daylight 47360->47389 47362 7ff6b7976eb3 47390 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47362->47390 47365 7ff6b7976ee7 47363->47365 47366 7ff6b7976ef4 47363->47366 47391 7ff6b7975e48 11 API calls _get_daylight 47365->47391 47377 7ff6b797bb30 47366->47377 47369 7ff6b7963a26 47369->47017 47371 7ff6b7976f08 47392 7ff6b7975e48 11 API calls _get_daylight 47371->47392 47372 7ff6b7976f15 47384 7ff6b798113c 47372->47384 47375 7ff6b7976f28 47393 7ff6b79762e8 LeaveCriticalSection 47375->47393 47394 7ff6b7981548 EnterCriticalSection 47377->47394 47379 7ff6b797bb47 47380 7ff6b797bba4 19 API calls 47379->47380 47381 7ff6b797bb52 47380->47381 47382 7ff6b79815a8 _isindst LeaveCriticalSection 47381->47382 47383 7ff6b7976efe 47382->47383 47383->47371 47383->47372 47395 7ff6b7980e38 47384->47395 47388 7ff6b7981196 47388->47375 47389->47362 47390->47369 47391->47369 47392->47369 47400 7ff6b7980e73 __vcrt_FlsAlloc 47395->47400 47397 7ff6b7981111 47414 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47397->47414 47399 7ff6b7981043 47399->47388 47407 7ff6b7987fc4 47399->47407 47405 7ff6b798103a 47400->47405 47410 7ff6b7978978 51 API calls 3 library calls 47400->47410 47402 7ff6b79810a5 47402->47405 47411 7ff6b7978978 51 API calls 3 library calls 47402->47411 47404 7ff6b79810c4 47404->47405 47412 7ff6b7978978 51 API calls 3 library calls 47404->47412 47405->47399 47413 7ff6b7975e48 11 API calls _get_daylight 47405->47413 47415 7ff6b79875c4 47407->47415 47410->47402 47411->47404 47412->47405 47413->47397 47414->47399 47416 7ff6b79875db 47415->47416 47418 7ff6b79875f9 47415->47418 47469 7ff6b7975e48 11 API calls _get_daylight 47416->47469 47418->47416 47419 7ff6b7987615 47418->47419 47426 7ff6b7987bd4 
47419->47426 47420 7ff6b79875e0 47470 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47420->47470 47424 7ff6b79875ec 47424->47388 47472 7ff6b7987908 47426->47472 47429 7ff6b7987c49 47504 7ff6b7975e28 11 API calls _get_daylight 47429->47504 47430 7ff6b7987c61 47492 7ff6b797945c 47430->47492 47433 7ff6b7987c4e 47505 7ff6b7975e48 11 API calls _get_daylight 47433->47505 47461 7ff6b7987640 47461->47424 47471 7ff6b7979434 LeaveCriticalSection 47461->47471 47469->47420 47470->47424 47473 7ff6b7987934 47472->47473 47481 7ff6b798794e 47472->47481 47473->47481 47517 7ff6b7975e48 11 API calls _get_daylight 47473->47517 47475 7ff6b7987943 47518 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47475->47518 47477 7ff6b7987a1d 47488 7ff6b7987a7a 47477->47488 47523 7ff6b797aab0 37 API calls 2 library calls 47477->47523 47478 7ff6b79879cc 47478->47477 47521 7ff6b7975e48 11 API calls _get_daylight 47478->47521 47481->47478 47519 7ff6b7975e48 11 API calls _get_daylight 47481->47519 47482 7ff6b7987a76 47485 7ff6b7987af8 47482->47485 47482->47488 47483 7ff6b7987a12 47522 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47483->47522 47524 7ff6b797b844 17 API calls _isindst 47485->47524 47487 7ff6b79879c1 47520 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47487->47520 47488->47429 47488->47430 47525 7ff6b7981548 EnterCriticalSection 47492->47525 47504->47433 47505->47461 47517->47475 47518->47481 47519->47487 47520->47478 47521->47483 47522->47477 47523->47482 47527 7ff6b7978834 47526->47527 47530 7ff6b7978310 47527->47530 47529 7ff6b797884d 47529->47027 47531 7ff6b797832b 47530->47531 47532 7ff6b797835a 47530->47532 47541 7ff6b797b758 37 API calls 2 library calls 47531->47541 47540 7ff6b79762dc EnterCriticalSection 47532->47540 47535 7ff6b797835f 47537 7ff6b797837c 38 API calls 47535->47537 47536 7ff6b797834b 47536->47529 47538 7ff6b797836b 47537->47538 47539 7ff6b79762e8 _fread_nolock LeaveCriticalSection 47538->47539 47539->47536 47541->47536 47543 7ff6b796f39b 
47542->47543 47544 7ff6b796f3c9 47542->47544 47553 7ff6b797b758 37 API calls 2 library calls 47543->47553 47551 7ff6b796f3bb 47544->47551 47552 7ff6b79762dc EnterCriticalSection 47544->47552 47547 7ff6b796f3e0 47548 7ff6b796f3fc 72 API calls 47547->47548 47549 7ff6b796f3ec 47548->47549 47550 7ff6b79762e8 _fread_nolock LeaveCriticalSection 47549->47550 47550->47551 47551->47031 47553->47551 47554->47049 47556 7ff6b797a899 47568 7ff6b797b358 47556->47568 47558 7ff6b797a89e 47559 7ff6b797a8c5 GetModuleHandleW 47558->47559 47560 7ff6b797a90f 47558->47560 47559->47560 47566 7ff6b797a8d2 47559->47566 47561 7ff6b797a79c 11 API calls 47560->47561 47562 7ff6b797a94b 47561->47562 47563 7ff6b797a952 47562->47563 47564 7ff6b797a968 11 API calls 47562->47564 47565 7ff6b797a964 47564->47565 47566->47560 47567 7ff6b797a9c0 GetModuleHandleExW GetProcAddress FreeLibrary 47566->47567 47567->47560 47573 7ff6b797c050 45 API calls 3 library calls 47568->47573 47570 7ff6b797b361 47574 7ff6b797b40c 45 API calls 2 library calls 47570->47574 47573->47570 47575 7ff6b79765e4 47576 7ff6b797661b 47575->47576 47577 7ff6b79765fe 47575->47577 47576->47577 47578 7ff6b797662e CreateFileW 47576->47578 47600 7ff6b7975e28 11 API calls _get_daylight 47577->47600 47580 7ff6b7976698 47578->47580 47581 7ff6b7976662 47578->47581 47604 7ff6b7976bc0 46 API calls 3 library calls 47580->47604 47603 7ff6b7976738 59 API calls 3 library calls 47581->47603 47582 7ff6b7976603 47601 7ff6b7975e48 11 API calls _get_daylight 47582->47601 47586 7ff6b7976670 47589 7ff6b797668d CloseHandle 47586->47589 47590 7ff6b7976677 CloseHandle 47586->47590 47587 7ff6b797669d 47591 7ff6b79766cc 47587->47591 47592 7ff6b79766a1 47587->47592 47588 7ff6b797660b 47602 7ff6b797b824 37 API calls _invalid_parameter_noinfo 47588->47602 47595 7ff6b7976616 47589->47595 47590->47595 47606 7ff6b7976980 51 API calls 47591->47606 47605 7ff6b7975dbc 11 API calls 2 library calls 47592->47605 47597 7ff6b79766d9 47607 7ff6b7976abc 21 API calls 
_fread_nolock 47597->47607 47599 7ff6b79766ab 47599->47595 47600->47582 47601->47588 47602->47595 47603->47586 47604->47587 47605->47599 47606->47597 47607->47599 47608 7ff6b796b0a0 47609 7ff6b796b0ce 47608->47609 47610 7ff6b796b0b5 47608->47610 47610->47609 47613 7ff6b797e6c4 47610->47613 47614 7ff6b797e70f 47613->47614 47618 7ff6b797e6d3 _get_daylight 47613->47618 47621 7ff6b7975e48 11 API calls _get_daylight 47614->47621 47616 7ff6b797e6f6 HeapAlloc 47617 7ff6b796b12e 47616->47617 47616->47618 47618->47614 47618->47616 47620 7ff6b7984800 EnterCriticalSection LeaveCriticalSection _get_daylight 47618->47620 47620->47618 47621->47617 47622 7ff6b797d0e0 47623 7ff6b797d110 47622->47623 47626 7ff6b797cf14 47623->47626 47625 7ff6b797d129 47627 7ff6b797cf6b 47626->47627 47636 7ff6b797cf3d 47626->47636 47628 7ff6b797cf84 47627->47628 47630 7ff6b797cfdb 47627->47630 47638 7ff6b797b758 37 API calls 2 library calls 47628->47638 47637 7ff6b797934c EnterCriticalSection 47630->47637 47632 7ff6b797cfe2 47633 7ff6b797cff9 47632->47633 47634 7ff6b797d034 _fread_nolock 39 API calls 47632->47634 47635 7ff6b7979434 _fread_nolock LeaveCriticalSection 47633->47635 47634->47633 47635->47636 47636->47625 47638->47636 47639 7ff8b93c430c PyArg_ParseTuple 47640 7ff8b93c43c3 47639->47640 47641 7ff8b93c433e PySys_Audit 47639->47641 47641->47640 47642 7ff8b93c435b PyUnicode_AsWideCharString 47641->47642 47642->47640 47643 7ff8b93c4370 PyEval_SaveThread LoadLibraryExW 47642->47643 47644 7ff8b93c9130 GetLastError 47643->47644 47645 7ff8b93c4395 PyEval_RestoreThread PyMem_Free 47643->47645 47647 7ff8b93c913d PyErr_Format 47644->47647 47646 7ff8b93c43b2 47645->47646 47645->47647 47648 7ff8b93c43ba PyLong_FromVoidPtr 47646->47648 47649 7ff8b93c915f PyErr_SetFromWindowsErr 47646->47649 47647->47640 47648->47640 47649->47640 47650 7ff6b7962480 47651 7ff6b7962490 47650->47651 47652 7ff6b79624cb 47651->47652 47653 7ff6b79624e1 47651->47653 47671 7ff6b7961e50 81 API calls _log10_special 47652->47671 
47655 7ff6b7962501 47653->47655 47666 7ff6b7962517 __vcrt_freefls 47653->47666 47672 7ff6b7961e50 81 API calls _log10_special 47655->47672 47657 7ff6b796bb10 _log10_special 8 API calls 47659 7ff6b796269a 47657->47659 47658 7ff6b79624d7 47658->47657 47660 7ff6b7961450 114 API calls 47660->47666 47661 7ff6b7962706 47676 7ff6b7961e50 81 API calls _log10_special 47661->47676 47662 7ff6b7961c60 49 API calls 47662->47666 47664 7ff6b79626f0 47675 7ff6b7961e50 81 API calls _log10_special 47664->47675 47666->47658 47666->47660 47666->47661 47666->47662 47666->47664 47667 7ff6b79626ca 47666->47667 47669 7ff6b79626a7 47666->47669 47674 7ff6b7961e50 81 API calls _log10_special 47667->47674 47673 7ff6b7961e50 81 API calls _log10_special 47669->47673 47671->47658 47672->47658 47673->47658 47674->47658 47675->47658 47676->47658

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                    • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                    • Instruction ID: 94551cd22de5251bd98bd5012f0edc41f2c3057fba1928851bf56f57cdf33cea
                                                                                                                                    • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                    • Instruction Fuzzy Hash: 24C1A036B28A4385EB10EFA9D4906AC3761FB49BA8B011225DB2ED77A6DF38D451C340
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                    • Opcode ID: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                                                                                    • Instruction ID: 54e56b313b9a0cbad27098c3cd4586d5f9fd269d7ff139d19330e8eac6541a83
                                                                                                                                    • Opcode Fuzzy Hash: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                                                                                    • Instruction Fuzzy Hash: C6F0AF22A1864386F7A09B68B84876673A0FB84B64F400336DB7E826E5DF3CD1098A00
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                    • API String ID: 2776309574-3325264605
                                                                                                                                    • Opcode ID: 30395da6c4f7b6327b8c33b2cc81a557c7d7a351217dd3b9d296cb896ae36a66
                                                                                                                                    • Instruction ID: 348b3eb0d342db8d84991636e9c410ac2506de42be019de96a3377275ab4cd8e
                                                                                                                                    • Opcode Fuzzy Hash: 30395da6c4f7b6327b8c33b2cc81a557c7d7a351217dd3b9d296cb896ae36a66
                                                                                                                                    • Instruction Fuzzy Hash: 3E427F21A0C68391FB25FB28D4152F966A1AF55780F844232DB5EC62F7EF2CE749D390

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102290499.00007FF8B93C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102271587.00007FF8B93C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102312697.00007FF8B93D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102330511.00007FF8B93D8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102349809.00007FF8B93DC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102349809.00007FF8B93DE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b93c0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                                                                                                                    • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                                                                                                                    • API String ID: 3805577924-808210370
                                                                                                                                    • Opcode ID: 4989f78db13d8ccae8f47d1c6d1c48e65b5555a209307455c99b8303ed314052
                                                                                                                                    • Instruction ID: ef0a84dba990b56fe5a48da4aa401c13f1fc16c4ef82075f378a12d7d320d0e6
                                                                                                                                    • Opcode Fuzzy Hash: 4989f78db13d8ccae8f47d1c6d1c48e65b5555a209307455c99b8303ed314052
                                                                                                                                    • Instruction Fuzzy Hash: 99212161B08BC286FB689FE9E8681796775AF8DBD5F04A031CB0E42360DE7CE459C300

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B79673D0: _fread_nolock.LIBCMT ref: 00007FF6B796747A
                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF6B79619FB
                                                                                                                                      • Part of subcall function 00007FF6B7962020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B7961B4A), ref: 00007FF6B7962070
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                    • API String ID: 2397952137-3497178890
                                                                                                                                    • Opcode ID: 2e0047be3f3a7339e44404096c10c6e0dcbdef4948abf8bbb6db7b839ebe303a
                                                                                                                                    • Instruction ID: 8b240907943072b703d64f1942ad20c865debebd85efea3803fc5f0b2109ce44
                                                                                                                                    • Opcode Fuzzy Hash: 2e0047be3f3a7339e44404096c10c6e0dcbdef4948abf8bbb6db7b839ebe303a
                                                                                                                                    • Instruction Fuzzy Hash: D3818071A0D68785EB50FB28D0416B933A1EF48B84F444236EB8DC77ABDE3CE6459780

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                    • Opcode ID: 545bae09372bb2ed5803edf2948f347a4f07d0ab5a83d20159901e74a1c7a030
                                                                                                                                    • Instruction ID: 9029ed97f8e97d0b612ba27f7ded2a8c13da4a8d437d5aff39ff50934890e2ec
                                                                                                                                    • Opcode Fuzzy Hash: 545bae09372bb2ed5803edf2948f347a4f07d0ab5a83d20159901e74a1c7a030
                                                                                                                                    • Instruction Fuzzy Hash: DC413D32A0868396EB00FB2994415B9B391EF48B94F444532EF4D87ABBDF3CE6059740

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                    • Opcode ID: a3e1e1eb698bfc14be5cb8d9021642f9353ff61f751d30c767a48776155dbd53
                                                                                                                                    • Instruction ID: 48a1a46ab83925c280a288d66d2933eec97d4e79159434fea5c754233ab6318d
                                                                                                                                    • Opcode Fuzzy Hash: a3e1e1eb698bfc14be5cb8d9021642f9353ff61f751d30c767a48776155dbd53
                                                                                                                                    • Instruction Fuzzy Hash: 9A51A122A09A8385E760BB19A4407BA6291BF85B94F444235EF4EC77B7EF3CE645C740

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6B7980316,?,?,-00000018,00007FF6B797BC5B,?,?,?,00007FF6B797BB52,?,?,?,00007FF6B7976EFE), ref: 00007FF6B79800F8
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6B7980316,?,?,-00000018,00007FF6B797BC5B,?,?,?,00007FF6B797BB52,?,?,?,00007FF6B7976EFE), ref: 00007FF6B7980104
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                    • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                    • Instruction ID: d2e04223ced88ceb13463578c2fa9ce095faabb4bb44e78589a2b5da4d0795d1
                                                                                                                                    • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                    • Instruction Fuzzy Hash: B441C022B1AA4345FA15EF1EA80067522A1BF49BE0F084135DF2ED77A6EF7DE445C300

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF6B7962BC5), ref: 00007FF6B7962AA1
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B7962BC5), ref: 00007FF6B7962AAB
                                                                                                                                      • Part of subcall function 00007FF6B7962310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B7962360
                                                                                                                                      • Part of subcall function 00007FF6B7962310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B796241A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                    • API String ID: 4002088556-2863816727
                                                                                                                                    • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                    • Instruction ID: d163e186fb902545740b755f5702483ee74828f82fca03baacea61e7f3612953
                                                                                                                                    • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                    • Instruction Fuzzy Hash: 83214161B1864381FB60BB2CE8153B62260FF49794F800236E75DC65F7EE2CE7048784

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: eb536eff56005b26acab214ddad3b7f617f69f6ae0f39e6e286dc3f6b59ee020
                                                                                                                                    • Instruction ID: f6a68e91d677feff32aef6672eb36b6f5fee02a9aef14de13f78695aa0f1d370
                                                                                                                                    • Opcode Fuzzy Hash: eb536eff56005b26acab214ddad3b7f617f69f6ae0f39e6e286dc3f6b59ee020
                                                                                                                                    • Instruction Fuzzy Hash: 9AC1C532A0CA8391E751AB1D94442BD2B98EF86B90F595531EB6E837F3CF7CE8458740

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                    • Opcode ID: 7a55adeaadc319c70d2ba838d1fcf91999e9c466860aec4aa2ab7dbe0270684a
                                                                                                                                    • Instruction ID: fe38ed45069b780fe4dcc508314d2db0f74d63348237e7f30eeefb9716efc35e
                                                                                                                                    • Opcode Fuzzy Hash: 7a55adeaadc319c70d2ba838d1fcf91999e9c466860aec4aa2ab7dbe0270684a
                                                                                                                                    • Instruction Fuzzy Hash: 98417F31A19A8791EB21FB28E4541E96325FB54794F800232EB5DC76A7EF3CE715C780

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                    • Opcode ID: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                                                                                    • Instruction ID: 50b4213362df1d59f137e6698c18ded17fdcc238f71871929ecb457a086ddc1f
                                                                                                                                    • Opcode Fuzzy Hash: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                                                                                    • Instruction Fuzzy Hash: D2419222E18B8383E754AB2595103A96260FF957A4F109334E79D83AE7EF6CA5E08740

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                    • Opcode ID: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                                                                                    • Instruction ID: 0fe3963dc8aa7991a3a858cf50c2e412519600cd6bb4841f527815dabcfaff88
                                                                                                                                    • Opcode Fuzzy Hash: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                                                                                    • Instruction Fuzzy Hash: 8CD09210B0C60342EA5CBB7D5C9527912519F8CBA1F012838CA8F863B3CE2DE8595720

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                    • Instruction ID: 8d5e653d89a6e57d740953ff50b58351a27fbe6cf7cabfe564a0a7376aa2d63e
                                                                                                                                    • Opcode Fuzzy Hash: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                    • Instruction Fuzzy Hash: 4C519562B0968786FB64BB2D940067A6692BF44BA4F184734EF6D877F7CF3CD5018640
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1236291503-0
                                                                                                                                    • Opcode ID: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                                                                                    • Instruction ID: de63cd92c77f3cb9fb2eb90c382b6e67c208ed39d6b407df740eb05d7495152f
                                                                                                                                    • Opcode Fuzzy Hash: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                                                                                    • Instruction Fuzzy Hash: 0A311821E0C64342EB58BB6D95513B92292AF4AB84F845235FB5EC72F7DE2CF6048390
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHandleType
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                    • Opcode ID: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                                                                                    • Instruction ID: cf0e1ff42a7b8a6d0e5e34f69f3357780817c221262aaff29a6d68e763dc1b30
                                                                                                                                    • Opcode Fuzzy Hash: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                                                                                    • Instruction Fuzzy Hash: C3318621A19B4782E760AB1D958017D6A50FB45FB8F641339DB6E973F1CF38E461E300
                                                                                                                                    APIs
                                                                                                                                    • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6B797D020,?,?,?,?,?,00007FF6B797D129), ref: 00007FF6B797D080
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF6B797D020,?,?,?,?,?,00007FF6B797D129), ref: 00007FF6B797D08A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00007FF6B797B8DD,?,?,00000000,00007FF6B797B992), ref: 00007FF6B797BACE
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B797B8DD,?,?,00000000,00007FF6B797B992), ref: 00007FF6B797BAD8
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                    • Opcode ID: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                    • Instruction ID: 8c41885740010132f9adeac5aec84913b090092b223f9924a0439a2e3089db27
                                                                                                                                    • Opcode Fuzzy Hash: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                    • Instruction Fuzzy Hash: 9B016121A08B4381EA44AB5A9901179A696BF95FE0F484631EF6C97BFBDF3CE5018740
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B7968950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B7963A04,00000000,00007FF6B7961965), ref: 00007FF6B7968989
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00007FF6B79658B6,00000000,00007FF6B796272E), ref: 00007FF6B79684E2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2592636585-0
                                                                                                                                    • Opcode ID: 23c3e83c88c6dd3b1e5c72de45a30bd43877c4c0a868aa4986197d83ba81d9e2
                                                                                                                                    • Instruction ID: 8072c3fd26fc83960744002595f5dcf23e13bb79c1d8a068fe0a7d289c71ada9
                                                                                                                                    • Opcode Fuzzy Hash: 23c3e83c88c6dd3b1e5c72de45a30bd43877c4c0a868aa4986197d83ba81d9e2
                                                                                                                                    • Instruction Fuzzy Hash: 47D08C12B2424341EB84B76BBA4652951529F89BC0E488034EF1C83B66EC3CD0810B00
                                                                                                                                    APIs
                                                                                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6B796C3F0
                                                                                                                                      • Part of subcall function 00007FF6B796CE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6B796CE20
                                                                                                                                      • Part of subcall function 00007FF6B796CE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6B796CE25
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1208906642-0
                                                                                                                                    • Opcode ID: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                                                                                    • Instruction ID: 27575bb9167b972cc8ee2836ab6cb33b2a63bce0b54ea9f4e7bcf7d121b463e6
                                                                                                                                    • Opcode Fuzzy Hash: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                                                                                    • Instruction Fuzzy Hash: 75E0B620D0E24381FF653B6D14522B906511F27344F901675FB7DD22F3DE0DF65622A6
                                                                                                                                    APIs
                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF6B797C22A,?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392), ref: 00007FF6B797FE59
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                    • Opcode ID: e5baedaef9e1aefb999d7e678a491e2cb8f7af630fb86e3f47b81283e20e243b
                                                                                                                                    • Instruction ID: 0f6be29efef8f4255632546a2e39c8eec0a8b4a5cec7b0e5f7be16e0a3edc206
                                                                                                                                    • Opcode Fuzzy Hash: e5baedaef9e1aefb999d7e678a491e2cb8f7af630fb86e3f47b81283e20e243b
                                                                                                                                    • Instruction Fuzzy Hash: 7EF09050B19607C5FE587BAD99153B452925F88B80F0C4430CF0EDA3F3EF2CE5824220
                                                                                                                                    APIs
                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF6B7970268,?,?,?,00007FF6B79718D2,?,?,?,?,?,00007FF6B7974595), ref: 00007FF6B797E702
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                    • Opcode ID: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                    • Instruction ID: 59053278af22aae22f5d1125ea005bb10529a38beadb9fbd49b6068a87c4253b
                                                                                                                                    • Opcode Fuzzy Hash: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                    • Instruction Fuzzy Hash: FDF01211F1D20349FE687BA9594527512805F447A0F084630EF2EC93F3EF2CE8508612
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                    • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                    • API String ID: 4208240515-3165540532
                                                                                                                                    • Opcode ID: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                    • Instruction ID: 6004a57653a8f4f2703e372f75aaf65bc4ba140dcfb91c44ef4fa55662b4b9ee
                                                                                                                                    • Opcode Fuzzy Hash: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                    • Instruction Fuzzy Hash: 0CD16232A08B8386EB10EF78E8546A93761FF88B98F404235DB5D92AB6DF3CD145D750
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLastThread$CloseErr_FromHandleStringUnicode_$CharCreateEval_FreeMem_Wide$AuditCodeExitFileFormatObjectPipeReadRestoreSaveSingleSizeSys_WaitWindows_wcsnicmp
                                                                                                                                    • String ID: Query returns more than %zd characters$_wmi.exec_query$only SELECT queries are supported$select
                                                                                                                                    • API String ID: 1485273037-3471808114
                                                                                                                                    • Opcode ID: 04eeac85c1eeaf903d6b2c6fd9ce83124eba418c2ae2e71384d55c566909e990
                                                                                                                                    • Instruction ID: 6089718b9fa4525a8ba15586ba8c9506294f89be30d84f06b088c1c55185890a
                                                                                                                                    • Opcode Fuzzy Hash: 04eeac85c1eeaf903d6b2c6fd9ce83124eba418c2ae2e71384d55c566909e990
                                                                                                                                    • Instruction Fuzzy Hash: F6714D36A18A4286FB508F2DE89453A63A1FF85BC0F1564B6EF4E42A64DF3EE445C700
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: String$Alloc$CloseFreeHandle
                                                                                                                                    • String ID: ROOT\CIMV2$WQL
                                                                                                                                    • API String ID: 1604210422-3419750859
                                                                                                                                    • Opcode ID: 9cfe86a776052ca8d260b67ffcf279b02e100874fa9fb3c095712ec9d8a637de
                                                                                                                                    • Instruction ID: 528af81b18721e246f0dc729df745633758870e1905223b16ecba2e4d8cbd3f8
                                                                                                                                    • Opcode Fuzzy Hash: 9cfe86a776052ca8d260b67ffcf279b02e100874fa9fb3c095712ec9d8a637de
                                                                                                                                    • Instruction Fuzzy Hash: 39F15E36608B4286EB108B6DE48026E77A4FB85BD4F506576DF5E43BA4DF3ED444C700
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101193437.00007FF8B8791000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8B8790000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101165795.00007FF8B8790000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101233210.00007FF8B8794000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101273506.00007FF8B8795000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101301497.00007FF8B8796000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8790000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102123971.00007FF8B8F71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102106277.00007FF8B8F70000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102140246.00007FF8B8F72000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102158722.00007FF8B8F74000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f70000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102047171.00007FF8B8CB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8CB0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102026595.00007FF8B8CB0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102068733.00007FF8B8CB3000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102086433.00007FF8B8CB5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8cb0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2100250649.00007FF8B78B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B78B0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2100218434.00007FF8B78B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100277880.00007FF8B78B3000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100325323.00007FF8B78B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b78b0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101541388.00007FF8B8B01000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101519602.00007FF8B8B00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101560666.00007FF8B8B03000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101580458.00007FF8B8B04000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101601557.00007FF8B8B05000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b00000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101878039.00007FF8B8C11000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101815910.00007FF8B8C10000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101897238.00007FF8B8C13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101914559.00007FF8B8C14000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101931121.00007FF8B8C15000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8c10000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2100399510.00007FF8B78C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FF8B78C0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2100353519.00007FF8B78C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100429572.00007FF8B78C2000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100477964.00007FF8B78C4000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b78c0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101072102.00007FF8B8081000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8B8080000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2100995731.00007FF8B8080000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101101057.00007FF8B8085000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101122183.00007FF8B8086000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101142517.00007FF8B8087000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8080000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2099975294.00007FF8B7891000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8B7890000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2099859726.00007FF8B7890000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100020058.00007FF8B7894000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100044993.00007FF8B7895000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100071856.00007FF8B7896000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b7890000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101352026.00007FF8B8831000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8830000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101325282.00007FF8B8830000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101370847.00007FF8B8833000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101393527.00007FF8B8835000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8830000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2100937569.00007FF8B8071000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B8070000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2100873725.00007FF8B8070000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100958392.00007FF8B8073000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2100976861.00007FF8B8075000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8070000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2100121568.00007FF8B78A1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B78A0000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101072102.00007FF8B8081000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8B8080000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memcpy$_wassert
                                                                                                                                    • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                    • String ID: %s\*
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B7986EB5
                                                                                                                                      • Part of subcall function 00007FF6B7986808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798681C
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                      • Part of subcall function 00007FF6B797B844: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6B797B823,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797B84D
                                                                                                                                      • Part of subcall function 00007FF6B797B844: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6B797B823,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797B872
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B7986EA4
                                                                                                                                      • Part of subcall function 00007FF6B7986868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798687C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798711A
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798712B
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798713C
                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B798737C), ref: 00007FF6B7987163
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4070488512-0
                                                                                                                                    • Opcode ID: 0173cbac813c15378d40c9e56499cd14d87a7a7d5cd8bcf6202161c05a5fa724
                                                                                                                                    • Instruction ID: 39bd5037666336b1f83ce5c3399a79ce264552e4a4dab4cb6364c46e1f0ad2c8
                                                                                                                                    • Opcode Fuzzy Hash: 0173cbac813c15378d40c9e56499cd14d87a7a7d5cd8bcf6202161c05a5fa724
                                                                                                                                    • Instruction Fuzzy Hash: 6BD18C26E0825386EB20FF6AD8515B96761EF847D4F448136EB4DCBAA7DF3CE4418740
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                    • Opcode ID: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                    • Instruction ID: f55ea423b58cb7319b7af1ec2b96304b94aea2717a3627f8cd9cc55bff8222df
                                                                                                                                    • Opcode Fuzzy Hash: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                    • Instruction Fuzzy Hash: D7314136608F8385DB64DB29E8406AD73A4FB88798F540135EB9D83B65DF38D555CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101193437.00007FF8B8791000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8B8790000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101165795.00007FF8B8790000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101233210.00007FF8B8794000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101273506.00007FF8B8795000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101301497.00007FF8B8796000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8790000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memset$_wassert
                                                                                                                                    • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                    • API String ID: 3746435480-330188172
                                                                                                                                    • Opcode ID: ec1bbc4525a17b2e5544630095f9eeea00682da089bfad3eed65e714ba66035c
                                                                                                                                    • Instruction ID: 4a7dc8a5a2160c9cf2bdf47c0651c0fd5da0ca0003734ce3b87c47e8426002d5
                                                                                                                                    • Opcode Fuzzy Hash: ec1bbc4525a17b2e5544630095f9eeea00682da089bfad3eed65e714ba66035c
                                                                                                                                    • Instruction Fuzzy Hash: 0E5190232292D19FC309CF7D95500AC7F71E766B48B0CC0AAEBA48774BCA18D669C775
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                    • Opcode ID: b6a193d294c3b32593d30be4cab4f407475a0a4c133e91729be199528772a0a4
                                                                                                                                    • Instruction ID: ed00c62b0a6020271656a83ed606232297430cfcd67fc3df4d4f01a6aee06b4f
                                                                                                                                    • Opcode Fuzzy Hash: b6a193d294c3b32593d30be4cab4f407475a0a4c133e91729be199528772a0a4
                                                                                                                                    • Instruction Fuzzy Hash: 1CB1B526B1869381EE60EB29D8006B967A1EB44BE4F445132EF5E87BE7DF3CE541C300
                                                                                                                                    APIs
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798711A
                                                                                                                                      • Part of subcall function 00007FF6B7986868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798687C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798712B
                                                                                                                                      • Part of subcall function 00007FF6B7986808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798681C
                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6B798713C
                                                                                                                                      • Part of subcall function 00007FF6B7986838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B798684C
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B798737C), ref: 00007FF6B7987163
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3458911817-0
                                                                                                                                    • Opcode ID: f3046009ef5eb4ee2f9f04adf13bbb5e89ae69c332d55b3385a3975d24ee77c8
                                                                                                                                    • Instruction ID: c96997d70828ee8cfc6c20714309d282283c0fb39847b14170b9a4d50c716916
                                                                                                                                    • Opcode Fuzzy Hash: f3046009ef5eb4ee2f9f04adf13bbb5e89ae69c332d55b3385a3975d24ee77c8
                                                                                                                                    • Instruction Fuzzy Hash: 7D511926E1864386E720FF69E8915A96761FB88784F44413AEB4DC7BB7DF3CE4418B40
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2099975294.00007FF8B7891000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8B7890000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2099859726.00007FF8B7890000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2100020058.00007FF8B7894000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2100044993.00007FF8B7895000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2100071856.00007FF8B7896000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b7890000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassert
                                                                                                                                    • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                    • API String ID: 3234217646-1106498308
                                                                                                                                    • Opcode ID: 96f1c7f081ec5b5f110a8a436ffb5769e61779f6ca8b250aca86d5a0fd4485a4
                                                                                                                                    • Instruction ID: f881a619575d98a9a0aa144545716f75e89db341cd48ef511ecef61f13f4a534
                                                                                                                                    • Opcode Fuzzy Hash: 96f1c7f081ec5b5f110a8a436ffb5769e61779f6ca8b250aca86d5a0fd4485a4
                                                                                                                                    • Instruction Fuzzy Hash: 56E13B4210D6D008C7168F7A90206BE7FF0DB5FA59F4D81B6EBE94E58BD508C254EB2A
                                                                                                                                    APIs
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C50
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C62
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964C99
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CAB
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CC4
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CD6
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964CEF
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D01
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D1D
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D2F
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D4B
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D5D
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D79
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964D8B
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DA7
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DB9
                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DD5
                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6B796590F,00000000,00007FF6B796272E), ref: 00007FF6B7964DE7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                    • Opcode ID: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                    • Instruction ID: 71f57f5da4639ef557f696a3b37ffc328eaaf273a7949bf2d6977bf74f176beb
                                                                                                                                    • Opcode Fuzzy Hash: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                    • Instruction Fuzzy Hash: 4922E524D0EB0799FA45FF6CB8649B423B1AF58BC0B941135DA1E86372EF3CB649D250
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                    • API String ID: 199729137-3427451314
                                                                                                                                    • Opcode ID: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                                                                                    • Instruction ID: 4183d55e78d857847bbd378a0cd18569dba60e022bf92ce7c0f4336bfeb68002
                                                                                                                                    • Opcode Fuzzy Hash: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                                                                                    • Instruction Fuzzy Hash: B802D464E0DB07D0FA15BF6DB81497423B1AF09BD4F941236CA1E86276EF3CB649E250
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                                                                                    • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                                                                                    • API String ID: 2322464913-730042774
                                                                                                                                    • Opcode ID: 986697da8c1f6c21c2b7c170f9457417e1e63e6fcfbb2d8b7b151c2f92ef95b7
                                                                                                                                    • Instruction ID: cf54003181543feeaef24f934fbe87f9b512f0aab70d5de730887fa18bbfd47e
                                                                                                                                    • Opcode Fuzzy Hash: 986697da8c1f6c21c2b7c170f9457417e1e63e6fcfbb2d8b7b151c2f92ef95b7
                                                                                                                                    • Instruction Fuzzy Hash: B6A10B21B98A5366EB149F3AEA402B9B361AF04BC5F405030CF1D8B665FF6DF50AC719
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                    • API String ID: 2943138195-1482988683
                                                                                                                                    • Opcode ID: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                                                                    • Instruction ID: 3363459995a15f32c9d863d3d7aedbef8cc6ce0a6d87c25b3936c78868824cec
                                                                                                                                    • Opcode Fuzzy Hash: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                                                                    • Instruction Fuzzy Hash: BF025172E18B9698FB148F6DD8941BC2BB1FB063E6F506135CB0D56B9ADF2C9584C340
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                    • String ID: `anonymous namespace'
                                                                                                                                    • API String ID: 3863519203-3062148218
                                                                                                                                    • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                    • Instruction ID: 956e9d08a24cd471b88259dd6a27d2a89bd28e3e3a8110ab969681c911281239
                                                                                                                                    • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                    • Instruction Fuzzy Hash: DEE15B72A08BC299EB10CF28D8801AD7BA0FB457A5F406136EB8D57B69DF3CE555C710
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DloadSection$AccessWrite$ExceptionProtectRaiseRelease$AcquireErrorLastLibraryLoad
                                                                                                                                    • String ID: H
                                                                                                                                    • API String ID: 282135826-2852464175
                                                                                                                                    • Opcode ID: d42aea73f348974f26458a495925efa8fe9c653952d7398aa55b21cc37bbe293
                                                                                                                                    • Instruction ID: 95703625bb556bdd43a7996ca0cc22298474f013d836b9b982f1c842e72a0be8
                                                                                                                                    • Opcode Fuzzy Hash: d42aea73f348974f26458a495925efa8fe9c653952d7398aa55b21cc37bbe293
                                                                                                                                    • Instruction Fuzzy Hash: 64912836B15B528AEB44CF69E8846A833A1FF09BC8B05657ADF0D17B58EF39E444C700
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                                                                                    • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                                                                                    • API String ID: 553332449-1518367256
                                                                                                                                    • Opcode ID: fce615720a26a9224efc20bfd4a0ccc9f1d93e1b37529aac315febdcaf14bf85
                                                                                                                                    • Instruction ID: 55b60ad2fd5a8b8dc5c7933152e80cd9bf3b81bce3d131c120d187d2a0c5549e
                                                                                                                                    • Opcode Fuzzy Hash: fce615720a26a9224efc20bfd4a0ccc9f1d93e1b37529aac315febdcaf14bf85
                                                                                                                                    • Instruction Fuzzy Hash: C5614921A08A42C5EA64CF3EA81427E77A1EF4ABD5F884235DF0D06798DF3CE446875D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                                                                                    • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                                                                                    • API String ID: 1879153319-1461672608
                                                                                                                                    • Opcode ID: 039f3354802ec4eb05e695dda684c27d4a5e75b5cfcf34d5c9c1f24f27da74a5
                                                                                                                                    • Instruction ID: 3d2205ffb271d4b2277997c6ff99bef8de7f21359523d273262ed4118292d644
                                                                                                                                    • Opcode Fuzzy Hash: 039f3354802ec4eb05e695dda684c27d4a5e75b5cfcf34d5c9c1f24f27da74a5
                                                                                                                                    • Instruction Fuzzy Hash: 5651FB36A88B4295EA218F29F8402AA73A4FF88BC4F544135DB8D43B64DF7CE45AC745
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B7968950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B7963A04,00000000,00007FF6B7961965), ref: 00007FF6B7968989
                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6B7967CF7,FFFFFFFF,00000000,?,00007FF6B7963101), ref: 00007FF6B796766C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                    • API String ID: 2001182103-930877121
                                                                                                                                    • Opcode ID: cbe9cd6458bf822e1a1f7cd27d90bebd40b50bd1448e24244982f0440f8cb230
                                                                                                                                    • Instruction ID: 19b59fd4d0fa2189a1d3036f4959b7ca07fedf5fddbc9d8bb49a326596165768
                                                                                                                                    • Opcode Fuzzy Hash: cbe9cd6458bf822e1a1f7cd27d90bebd40b50bd1448e24244982f0440f8cb230
                                                                                                                                    • Instruction Fuzzy Hash: 5F515821A2DA4351FB50BB2DE8556BA6261EF947C0F541531DB0EC26FBEF3CE6048780
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                                                    • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                                                                                    • String ID: argument 'data'$contiguous buffer$decompress
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                                                                                                                    • String ID: argument 'data'$contiguous buffer$decompress
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101541388.00007FF8B8B01000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101519602.00007FF8B8B00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101560666.00007FF8B8B03000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101580458.00007FF8B8B04000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101601557.00007FF8B8B05000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b00000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _aligned_free$_aligned_malloc_wassertcallocfree
                                                                                                                                    • String ID: block_len < 256$block_len > 0$src/raw_ctr.c$src/raw_ctr.c
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                                                                                    • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID:
                                                                                                                                    APIs
                                                                                                                                    • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B09
                                                                                                                                    • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B23
                                                                                                                                    • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B38
                                                                                                                                    • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B4F
                                                                                                                                    • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30BC8
                                                                                                                                    • PyErr_Format.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30C11
                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30C2A
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B35BDC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                                                                                    • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                                                                                    • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$MemoryString
                                                                                                                                    • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Replicator::operator[]
                                                                                                                                    • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101193437.00007FF8B8791000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8B8790000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8790000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102123971.00007FF8B8F71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f70000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102047171.00007FF8B8CB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8CB0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8cb0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2100250649.00007FF8B78B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B78B0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b78b0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101541388.00007FF8B8B01000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b00000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Mem_$Eval_Threadmemcpy$Bytes_DeallocFreeFromMallocModuleReallocRestoreSaveSizeStateStringType_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2023644590-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101878039.00007FF8B8C11000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassertmemcpy$memmove
                                                                                                                                    • String ID: (direction == DirEncrypt) || (direction == DirDecrypt)$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c$src/raw_cfb.c
                                                                                                                                    • API String ID: 710767724-3209691050
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                    • API String ID: 2943138195-1464470183
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190073905-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190073905-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Mem_memcpy$Bytes_DeallocFromMallocReallocSizeString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2377850682-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$AdjustPointermemmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 338301193-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                    • API String ID: 211107550-393685449
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102387193.00007FF8B9840000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102444301.00007FF8B9848000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9840000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                    • API String ID: 211107550-393685449
                                                                                                                                    • Opcode ID: 78c6e7fb34b0392c5f88638df05ce5e29abaa94eb5bf539d305eb9caf3e55ea3
                                                                                                                                    • Instruction ID: 079316ce9e721b49ef89aabad672fa7613d1145177c9cee6d275f65726a636cf
                                                                                                                                    • Opcode Fuzzy Hash: 78c6e7fb34b0392c5f88638df05ce5e29abaa94eb5bf539d305eb9caf3e55ea3
                                                                                                                                    • Instruction Fuzzy Hash: C3E19E72A08AC28AEB11DF69D4813AD7BA0FF65788F154236DB8D57756DF38E481CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __acrt_iob_func
                                                                                                                                    • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                                                                                                                    • API String ID: 711238415-2988393112
                                                                                                                                    • Opcode ID: 2ae7a21a449b43fb95d1edde8f74c3cd586e960239af52f7b9f1df3faf517d86
                                                                                                                                    • Instruction ID: 7c6664d4c29f1a4cb1aa773e2e123a309a9154413670840c75a338be09039609
                                                                                                                                    • Opcode Fuzzy Hash: 2ae7a21a449b43fb95d1edde8f74c3cd586e960239af52f7b9f1df3faf517d86
                                                                                                                                    • Instruction Fuzzy Hash: 7F41AA32A08A42CBE7149F29944597973A5FB88BD6F201236DB0E537A6DF3DE483C604
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                    • Opcode ID: a6a40790981adc598c9b8c96d834f8d43a2760af816e7aca1fad9cbe9eeabf59
                                                                                                                                    • Instruction ID: d3ae83a8476f99f6017ab8f6885e11d2136a7f6b107f92aee07f6e7e94b4c93a
                                                                                                                                    • Opcode Fuzzy Hash: a6a40790981adc598c9b8c96d834f8d43a2760af816e7aca1fad9cbe9eeabf59
                                                                                                                                    • Instruction Fuzzy Hash: FB415E62A0865396EB00FB19A8056B97291BF48BD4F554632EF0D877B7DE3CE6058780
                                                                                                                                    APIs
                                                                                                                                    • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF6B7963101), ref: 00007FF6B7967D44
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00007FF6B7963101), ref: 00007FF6B7967D4A
                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00007FF6B7963101), ref: 00007FF6B7967D8C
                                                                                                                                      • Part of subcall function 00007FF6B7967E70: GetEnvironmentVariableW.KERNEL32(00007FF6B7962C4F), ref: 00007FF6B7967EA7
                                                                                                                                      • Part of subcall function 00007FF6B7967E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6B7967EC9
                                                                                                                                      • Part of subcall function 00007FF6B7979174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B797918D
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                    • API String ID: 365913792-1339014028
                                                                                                                                    • Opcode ID: fc67a987217e40b5ad979417d55bde384dc353a3eb7d5f0f4a4332e900270273
                                                                                                                                    • Instruction ID: e80b1e8443462f84b561dfc35e99fddf3bea5e7a6f92fe667623bf66039b53d2
                                                                                                                                    • Opcode Fuzzy Hash: fc67a987217e40b5ad979417d55bde384dc353a3eb7d5f0f4a4332e900270273
                                                                                                                                    • Instruction Fuzzy Hash: 1A418021A1964350FB60FB2D99552F92292AF897D0F501631EF0DC77BBEE3CE6058780
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                    • API String ID: 2943138195-2239912363
                                                                                                                                    • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                    • Instruction ID: 554ada808f17a41db1697e577b7f4e96fb850b2afce1a5c5409a0978bb931aa6
                                                                                                                                    • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                    • Instruction Fuzzy Hash: 6D514E62E18B959CFB118F68E8402BD7BB0BB0A7AAF445136DB8D12B95DF3C9154C710
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                                                                                    • String ID: argument$compress$contiguous buffer
                                                                                                                                    • API String ID: 1731275941-2310704374
                                                                                                                                    • Opcode ID: 02db67df928eae8c62102d1f1a45d0ddd6935039fc39ace8882c388b579b52ef
                                                                                                                                    • Instruction ID: f4179a9d40d33fc3225d5f5254148f4f4e9a5aef8c639842484aa3f88b433048
                                                                                                                                    • Opcode Fuzzy Hash: 02db67df928eae8c62102d1f1a45d0ddd6935039fc39ace8882c388b579b52ef
                                                                                                                                    • Instruction Fuzzy Hash: BB116072B18B46C1EB109B29E484AB963A1FB88FC5F984131DB4D43766EF3CE646C704
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                                                                                    • String ID: argument$compress$contiguous buffer
                                                                                                                                    • API String ID: 1731275941-2310704374
                                                                                                                                    • Opcode ID: 23e77381a8c7bd8bc28583ded21fe01c94e5f302fa38e14d8ffac2dc2a86c21a
                                                                                                                                    • Instruction ID: ae025a43791634a7d33ad405daf6c80133d6206a096e7655b606a4152514442b
                                                                                                                                    • Opcode Fuzzy Hash: 23e77381a8c7bd8bc28583ded21fe01c94e5f302fa38e14d8ffac2dc2a86c21a
                                                                                                                                    • Instruction Fuzzy Hash: AF115E22A18A4692EA24DF39E8442AD6360FB98BC4F988131DB5D53664EF3CE54BC744
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                    • Opcode ID: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                                                                                    • Instruction ID: 30eca0c9013b61d6dea0b1c3cab6f11fc8aef1754ee199296c59d069b8324caf
                                                                                                                                    • Opcode Fuzzy Hash: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                                                                                    • Instruction Fuzzy Hash: 1BD162329087438AEB20AB7994413AD77A0FB55B88F100235EF4D97767DF38E685C781
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                    • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                    • API String ID: 1852475696-928371585
                                                                                                                                    • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                    • Instruction ID: d8953647ee1a8d580baae80af237be340968764f70d13ee7b245b1209724c1e1
                                                                                                                                    • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                    • Instruction Fuzzy Hash: 28519D62B18B86A2EE20CFA8E8911B96760FF85BEAF405531DB4D47759EF7CE505C300
                                                                                                                                    APIs
                                                                                                                                    • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B32464
                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B324A8
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B324C4
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B32513
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                                                                                    • String ID: Unable to allocate output buffer.
                                                                                                                                    • API String ID: 76732796-2565006440
                                                                                                                                    • Opcode ID: 84d4738fa4dcd56a634450ad7e703d1f8a30ea5c7d66d2d9febd396e80557574
                                                                                                                                    • Instruction ID: e893f0dbe9c62464950784d7c3b1205d8b3921cadd3cfe1346cbf5d3827c8121
                                                                                                                                    • Opcode Fuzzy Hash: 84d4738fa4dcd56a634450ad7e703d1f8a30ea5c7d66d2d9febd396e80557574
                                                                                                                                    • Instruction Fuzzy Hash: 6F411876A59A1382EB198F2AD85026D37A0FB48FD5F198432DF1D43765CF38E5A2C308
                                                                                                                                    APIs
                                                                                                                                    • PyDict_New.PYTHON312(?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B307D1
                                                                                                                                      • Part of subcall function 00007FF8B8B308F8: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B30910
                                                                                                                                      • Part of subcall function 00007FF8B8B308F8: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B30921
                                                                                                                                      • Part of subcall function 00007FF8B8B308F8: PyDict_SetItem.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B3093C
                                                                                                                                    • PyErr_Format.PYTHON312(?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B35AF2
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B35B0E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                                                                                    • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                                                                                    • API String ID: 1484310907-3368833446
                                                                                                                                    • Opcode ID: e8430a732b9d9007ab005b1cd79c6140378470aa86d8b3360c2fea7ef1d1078d
                                                                                                                                    • Instruction ID: 7a1024a10543fa0a463d95046a7bf58e354739250d9c7b954b027fd73c9e0c35
                                                                                                                                    • Opcode Fuzzy Hash: e8430a732b9d9007ab005b1cd79c6140378470aa86d8b3360c2fea7ef1d1078d
                                                                                                                                    • Instruction Fuzzy Hash: 31410A31A88B0791EE645F3EE98457833A0EF057D4F048632DB2D466A1EF7CE4678349
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67069
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67077
                                                                                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67090
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F670A2
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67110
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F6711C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                    • String ID: api-ms-
                                                                                                                                    • API String ID: 916704608-2084034818
                                                                                                                                    • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                    • Instruction ID: 7738415722352f197933ac7d2e92e6b3581a3ec6d69ec7219ca748cf8621009c
                                                                                                                                    • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                    • Instruction Fuzzy Hash: E1316D21B1ABC2A2EE119F0AE8005B56794BF04BF6F195535DE1E0B7A8EF7CE544C310
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B9843665
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B9843673
                                                                                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B984368C
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B984369E
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B984370C
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF8B984379F,?,?,00000000,00007FF8B98435D0,?,?,?,?,00007FF8B984334D), ref: 00007FF8B9843718
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102387193.00007FF8B9840000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102444301.00007FF8B9848000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9840000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                    • String ID: api-ms-
                                                                                                                                    • API String ID: 916704608-2084034818
                                                                                                                                    • Opcode ID: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                    • Instruction ID: 77827de72b3c1681d48ad45435dfde6eb7f8f60b1f5d610168333c95cb6c81a7
                                                                                                                                    • Opcode Fuzzy Hash: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                    • Instruction Fuzzy Hash: E731C321B1ABC392EE259F1AA90017A2398BF49BE4F594536DF5D4B394EF3CE4458700
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                                                                                    • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                                                                                    • API String ID: 1563898963-3455802345
                                                                                                                                    • Opcode ID: 64825cd2cf26f29090900c0970d91c5fed8f0556836e167d9043006048a36c31
                                                                                                                                    • Instruction ID: be1ca05a5cc772fefa1574cb537a00f79d95e5145b23cb037ffdb1f4b0dc9a72
                                                                                                                                    • Opcode Fuzzy Hash: 64825cd2cf26f29090900c0970d91c5fed8f0556836e167d9043006048a36c31
                                                                                                                                    • Instruction Fuzzy Hash: 6A312D31A08B46C1EB548B2DE94492963A1FB45FE6F544232DB6E477E6DF3DE4428304
                                                                                                                                    APIs
                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,?,00007FF8B8B34C0B,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B3626C
                                                                                                                                    • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FF8B8B34C0B,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B362CF
                                                                                                                                    • PyList_Append.PYTHON312(?,?,?,00007FF8B8B34C0B,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B362E3
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B34C0B,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B362FF
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B34C0B,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B36318
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                                                                                    • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                                                                                    • API String ID: 1563898963-3455802345
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Arg_KeywordsLong_ModuleModule_StateType_
                                                                                                                                    • String ID: BZ2Compressor
                                                                                                                                    • API String ID: 694278274-1096114097
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemcpy
                                                                                                                                    • String ID: End of stream already reached
                                                                                                                                    • API String ID: 180092378-3466344095
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                                                                                    • String ID: Already at end of stream
                                                                                                                                    • API String ID: 2195683152-1334556646
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                                                                                                                    • String ID: Compressor has been flushed
                                                                                                                                    • API String ID: 1906554297-3904734015
                                                                                                                                    APIs
                                                                                                                                    • PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B28F06
                                                                                                                                    • PyThread_release_lock.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B28F38
                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B28F68
                                                                                                                                      • Part of subcall function 00007FF8B8B28438: PyType_GetModuleState.PYTHON312 ref: 00007FF8B8B28471
                                                                                                                                      • Part of subcall function 00007FF8B8B28438: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FF8B8B28485
                                                                                                                                      • Part of subcall function 00007FF8B8B28438: PyList_New.PYTHON312 ref: 00007FF8B8B2849C
                                                                                                                                      • Part of subcall function 00007FF8B8B28438: PyEval_SaveThread.PYTHON312 ref: 00007FF8B8B284ED
                                                                                                                                      • Part of subcall function 00007FF8B8B28438: PyEval_RestoreThread.PYTHON312 ref: 00007FF8B8B28507
                                                                                                                                    • PyEval_SaveThread.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B34DE4
                                                                                                                                    • PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B34DF9
                                                                                                                                    • PyEval_RestoreThread.PYTHON312(?,?,?,00007FF8B8B2840A), ref: 00007FF8B8B34E02
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                    • String ID: Compressor has been flushed
                                                                                                                                    • API String ID: 3871537485-3904734015
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                                                                                                                    • String ID: Repeated call to flush()
                                                                                                                                    • API String ID: 3236580226-194442007
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                    • String ID: Repeated call to flush()
                                                                                                                                    • API String ID: 3871537485-194442007
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 368385560-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                    • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                    • Instruction ID: 79d91eb5ec410e356762861ca95cb8fa365873ef54ee14067ddf8fd7ad1836de
                                                                                                                                    • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                    • Instruction Fuzzy Hash: 5051AE21A0ABC282FAA59F1CD4446B867A4AF54FF6F09A435CF8D86795DF7CE442C300
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                    • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                    • Instruction ID: 55eaba6fd821c135a66caabca78a54836f6fc690378a8b0e3eaffa3b62506bd7
                                                                                                                                    • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                    • Instruction Fuzzy Hash: 4A51B021F1ABC281EA65CF1CD4446B86794AF54FE2F09A535DB8D86795DF7CE441C300
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide$AllocStringfree
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3313731-0
                                                                                                                                    • Opcode ID: 6579adc6f7cbc3e07d444d436e0c7a9ad076bec7c14059552512e4f8aade7d6d
                                                                                                                                    • Instruction ID: 9bb2073fbef7879b14af808b011655e434820ed657ea5ca00612af38d3d87475
                                                                                                                                    • Opcode Fuzzy Hash: 6579adc6f7cbc3e07d444d436e0c7a9ad076bec7c14059552512e4f8aade7d6d
                                                                                                                                    • Instruction Fuzzy Hash: 9541D032A0874689EB149F69D9403B92291FF44BE4F186675EF2E877D5DF3EE1418300
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101193437.00007FF8B8791000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8B8790000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101165795.00007FF8B8790000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101233210.00007FF8B8794000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101273506.00007FF8B8795000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101301497.00007FF8B8796000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8790000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassert$memcpy
                                                                                                                                    • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                    • API String ID: 4292997394-330188172
                                                                                                                                    • Opcode ID: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                    • Instruction ID: ab563ee5d1373d6d7d74688ee33579ea549037eb3292a97b3be897ab67f595b5
                                                                                                                                    • Opcode Fuzzy Hash: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                    • Instruction Fuzzy Hash: 23919022F28A8596FB01CB2CD5443BD6361FB98388F419231DF9C12A5ADF3CE596C708
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101878039.00007FF8B8C11000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101815910.00007FF8B8C10000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101897238.00007FF8B8C13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101914559.00007FF8B8C14000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101931121.00007FF8B8C15000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8c10000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassertmemcpymemmove
                                                                                                                                    • String ID: @$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                    • API String ID: 750734614-1361193148
                                                                                                                                    • Opcode ID: 291840892e0951460bb4d7aa888ad5ee9f86b5d89407f6ece59ae0693007ec5f
                                                                                                                                    • Instruction ID: 6eea02a2665140d981dcc70d3b3645e1bfedf80fbd47ac88fe8fe24fcbc2ff06
                                                                                                                                    • Opcode Fuzzy Hash: 291840892e0951460bb4d7aa888ad5ee9f86b5d89407f6ece59ae0693007ec5f
                                                                                                                                    • Instruction Fuzzy Hash: 0E5102A2B24B9186EB41DF29E45857A6361FB85BD4F046632DF8D13B45EF3CE192C304
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: {for
                                                                                                                                    • API String ID: 2943138195-864106941
                                                                                                                                    • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                    • Instruction ID: 156b843c957b465687e8b06f5f0ccddb842320eefe4356c87573b372f72d8019
                                                                                                                                    • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                    • Instruction Fuzzy Hash: C7513D72A08BC5ADEB019F28D4403E83BA1EB45799F849031EB4C4BBA9DF7CE565C300
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2831925710-0
                                                                                                                                    • Opcode ID: fe693556f566664076fc30c50a2c25589112f1091814ec650403e355e23825e4
                                                                                                                                    • Instruction ID: 76206269bf4a78d0716f3351b8f41f86605f04fcc15817c20a34c3f57f31e7b2
                                                                                                                                    • Opcode Fuzzy Hash: fe693556f566664076fc30c50a2c25589112f1091814ec650403e355e23825e4
                                                                                                                                    • Instruction Fuzzy Hash: 38515D22A49B4286EA659F3DA44426D63A4FB58BE0F940235DF9D43B90DF3CE456C309
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                                                                                    • String ID: Unable to allocate output buffer.
                                                                                                                                    • API String ID: 76732796-2565006440
                                                                                                                                    • Opcode ID: 352cd12033a0d3680b30d1cb3825021e2e09d04e932728bf35c9a41b8ed0abba
                                                                                                                                    • Instruction ID: b1a87a2415a87032cd0c2d62ae847234d923ebe5fdfedda129af5e6146b19dde
                                                                                                                                    • Opcode Fuzzy Hash: 352cd12033a0d3680b30d1cb3825021e2e09d04e932728bf35c9a41b8ed0abba
                                                                                                                                    • Instruction Fuzzy Hash: FF414AB3B08A02C2EB198F1AD44066867A0FB48FD6F545432DF4D43766DF38E492C708
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B7962360
                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B7962AC6,?,00007FF6B7962BC5), ref: 00007FF6B796241A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentFormatMessageProcess
                                                                                                                                    • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                                                                                    • API String ID: 27993502-4247535189
                                                                                                                                    • Opcode ID: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                    • Instruction ID: 9977d124b9e7fdd9d24d8c21739ac2d276884502477f7ee63b7a2a2a0a1758a3
                                                                                                                                    • Opcode Fuzzy Hash: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                    • Instruction Fuzzy Hash: 5F31B322B0864341E720BB69B8106AA72A5BF84BD5F400235EF4DD7B6BDF3CD606C740
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameName::atol
                                                                                                                                    • String ID: `template-parameter$void
                                                                                                                                    • API String ID: 2130343216-4057429177
                                                                                                                                    • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                    • Instruction ID: f4a716e71083a1100192488dad28b8d2c7258cba9e07f61d3a081c63d48ba4e4
                                                                                                                                    • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                    • Instruction Fuzzy Hash: 56414922F08B9698FB018FA8D8512BC2BB2BB48BE9F541135DF4C26B59DF7CA545C340
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D2DD
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D2EB
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D315
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D383
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6B796D50A,?,?,?,00007FF6B796D1FC,?,?,?,00007FF6B796CDF9), ref: 00007FF6B796D38F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                    • String ID: api-ms-
                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                    • Opcode ID: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                    • Instruction ID: e688300b0b96312ccdfeed5264eaa4df25a11ef7ebdbda52765fcb632acad364
                                                                                                                                    • Opcode Fuzzy Hash: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                    • Instruction Fuzzy Hash: D6319221A1AA4391EF11BB0AA800A7523A4BF49FA4F590635DF2DC73A2DF3CE545A350
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+Replicator::operator[]
                                                                                                                                    • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                    • API String ID: 1405650943-2211150622
                                                                                                                                    • Opcode ID: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                                                                    • Instruction ID: 063bf9cf311b06e4a30f47783563d98bd91a9fbc309b16685c70c11345608edd
                                                                                                                                    • Opcode Fuzzy Hash: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                                                                    • Instruction Fuzzy Hash: 1C415AB2E18B829DF7428F6CD8902BC7BA1BB083AAF845535DB4C167A4DF7CA541C311
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: char $int $long $short $unsigned
                                                                                                                                    • API String ID: 2943138195-3894466517
                                                                                                                                    • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                    • Instruction ID: f0988c0b8c84a20f3a87a0d60703ba617d91d6ca91de8b8a05b70602fb0fe491
                                                                                                                                    • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                    • Instruction Fuzzy Hash: 83313A72E18B9188EB128F6CD8941BC3BB1FB097AAF449135DB5D46B68DE3CE504C710
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                    • Opcode ID: 2bc3961b58cf50d24fb6d4fb88d1ab5404f4b9a8b6d34b736b61f848e7f87ba7
                                                                                                                                    • Instruction ID: 45281c874f85086b768c6b44e2074150a6b544e5ab4e2484159b3becd87e28be
                                                                                                                                    • Opcode Fuzzy Hash: 2bc3961b58cf50d24fb6d4fb88d1ab5404f4b9a8b6d34b736b61f848e7f87ba7
                                                                                                                                    • Instruction Fuzzy Hash: 3C212331A0CA4391EB50AF69A44462AA7A1EF85BF0F100335D76DC3BFADF6CD5458740
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                    • Opcode ID: 8bbbb01cf39c7a29ff4fbb7fa7bd8270fac2d4ba2b8d336fe0b40c1fcc65fe02
                                                                                                                                    • Instruction ID: 680552bfcf8af2201087af03a3fcd70d586e5e00fcd7c60b69efd43862018e64
                                                                                                                                    • Opcode Fuzzy Hash: 8bbbb01cf39c7a29ff4fbb7fa7bd8270fac2d4ba2b8d336fe0b40c1fcc65fe02
                                                                                                                                    • Instruction Fuzzy Hash: 94214920F0D24782FA68B72D964127952669F457F1F144734DB3ED66F7EF6CA8418340
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dealloc$Err_StringThread_allocate_lockmemset
                                                                                                                                    • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                                                                                                                    • API String ID: 451674277-2500606449
                                                                                                                                    • Opcode ID: 902beb4e41be376fc66d152125bb74feed39a9bd39f4cb4aafba6efc0b5bb16f
                                                                                                                                    • Instruction ID: 8cfb4499e512ec16d49cdf4dc5ad0bf2d9de01369a9c2b4855c81d193bafcade
                                                                                                                                    • Opcode Fuzzy Hash: 902beb4e41be376fc66d152125bb74feed39a9bd39f4cb4aafba6efc0b5bb16f
                                                                                                                                    • Instruction Fuzzy Hash: A1211831A19A43C1EB558B2DE844A7823A5EF59BCBF544036CB0D423A7DF3CE556C318
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocString$Bytes_Err_FromSizeThread_allocate_lock
                                                                                                                                    • String ID: Unable to allocate lock
                                                                                                                                    • API String ID: 553681934-3516605728
                                                                                                                                    • Opcode ID: 6a8266bce64d464d2f1938b48205d32153e3f3ca7e830d53c016b5fbbc7f03fc
                                                                                                                                    • Instruction ID: c0caef45f222661180b9e91263528f62abdf3234d586f55ec763b61bcf565792
                                                                                                                                    • Opcode Fuzzy Hash: 6a8266bce64d464d2f1938b48205d32153e3f3ca7e830d53c016b5fbbc7f03fc
                                                                                                                                    • Instruction Fuzzy Hash: BA21BA32E19B02C1FB595F39D819B782295EF59BCAF185435CA0D453A7EF3CA446C318
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                    • String ID: CONOUT$
                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                    • Opcode ID: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                    • Instruction ID: 7f56145cd418018a7676e4ebc240a231f443dad7d83be1862fe4fb74db97fe4d
                                                                                                                                    • Opcode Fuzzy Hash: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                    • Instruction Fuzzy Hash: 6F115B21B18A4386F750AB5AE88472962B0FB98FE4F144234EB6DC77A6DF7CD9048740
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(?,?,?,00007FF8BA4F19BF,?,?,?,00007FF8BA4F1D72), ref: 00007FF8BA4F1A77
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF8BA4F19BF,?,?,?,00007FF8BA4F1D72), ref: 00007FF8BA4F1A94
                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF8BA4F19BF,?,?,?,00007FF8BA4F1D72), ref: 00007FF8BA4F1AB0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                    • API String ID: 667068680-1718035505
                                                                                                                                    • Opcode ID: 8554a03760cd05ae82a34de338802ed81bea07e6972b79139443d2f2c03d48ed
                                                                                                                                    • Instruction ID: 0c7f6b835872efeb566b0d2fb0daa6f750c29794a6a7701f1713e8ee252a0c7d
                                                                                                                                    • Opcode Fuzzy Hash: 8554a03760cd05ae82a34de338802ed81bea07e6972b79139443d2f2c03d48ed
                                                                                                                                    • Instruction Fuzzy Hash: E3112D21F4EB4385FE519B0DB980275A295AF057D0F4A79B7CF1D06354EFBEA4859300
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                    • String ID: Invalid filter specifier for delta filter$|OO&
                                                                                                                                    • API String ID: 3027669873-2010576982
                                                                                                                                    • Opcode ID: a73e3f3128708c9b5dc9f3e2fe947f39ceb2e8c0d8b49d7cd698414521f3d41e
                                                                                                                                    • Instruction ID: 16ad717f72d35c87e491bbfce94d153b8257bce6b42502a5579e634da2b51df2
                                                                                                                                    • Opcode Fuzzy Hash: a73e3f3128708c9b5dc9f3e2fe947f39ceb2e8c0d8b49d7cd698414521f3d41e
                                                                                                                                    • Instruction Fuzzy Hash: 9E110571A89A0396EB009B28E85416D33A8FB88B95F504031D60D43360EF7DE54BC749
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                    • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                                                                                    • API String ID: 3027669873-3728029529
                                                                                                                                    • Opcode ID: ddc9891101ab6aac3ee3b1df17ab9d22617d0c7e06fc5bdc0734c96a7d35a77a
                                                                                                                                    • Instruction ID: 6c19502fccd01ea27cbf6b095347f0f0aaa242bad7008ad211901d9c6c107e1c
                                                                                                                                    • Opcode Fuzzy Hash: ddc9891101ab6aac3ee3b1df17ab9d22617d0c7e06fc5bdc0734c96a7d35a77a
                                                                                                                                    • Instruction Fuzzy Hash: C8011371A89B029AEB00DB39E8441AD33A8FB48B91F500032E71D43360EF7DE41AC759
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • 1.0.8, 13-Jul-2019, xrefs: 00007FF8B8F8C8DB
                                                                                                                                    • *** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac, xrefs: 00007FF8B8F8C90A
                                                                                                                                    • bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth, xrefs: 00007FF8B8F8C8E8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                                                                                                                    • String ID: bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth$*** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                                                                                                                    • API String ID: 77255540-989448446
                                                                                                                                    • Opcode ID: ef3ab1859df5a52126a9e3ff06f86e2dfa43323b27d669bd603df3cdb6304e0e
                                                                                                                                    • Instruction ID: f0c65bb81c368bc60031ce0514419ff7137abd70b61d986542a1b80cc1cb4056
                                                                                                                                    • Opcode Fuzzy Hash: ef3ab1859df5a52126a9e3ff06f86e2dfa43323b27d669bd603df3cdb6304e0e
                                                                                                                                    • Instruction Fuzzy Hash: E7E06D30F18506C2FB5867ACE895AB82256EF847C2F001039C70D077E7DF2C6506838A
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+$NameName::
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 168861036-0
                                                                                                                                    • Opcode ID: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                                                                    • Instruction ID: 897ef44d6220ba5fbf3e2a63d9a834f3839729b1fb9dd9788de6b658ea148c3b
                                                                                                                                    • Opcode Fuzzy Hash: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                                                                    • Instruction Fuzzy Hash: 92717972A18B9289E7018FADE8902BC3BA1BB507E6F519135EB0D17B99CF7CE441C340
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32(FFFFFFFF,?,?,00000000,00007FF6B7968706), ref: 00007FF6B79679E2
                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967A39
                                                                                                                                      • Part of subcall function 00007FF6B7968950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B7963A04,00000000,00007FF6B7961965), ref: 00007FF6B7968989
                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967AC8
                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B34
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B45
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B7968706), ref: 00007FF6B7967B5A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                    • Opcode ID: 085495254006ee1cdc3c832bee00d85fc27d841cf049dd36fd5940e5a83abb71
                                                                                                                                    • Instruction ID: e1f41cecbdb4f53d55bf0e126e2e0e103c2e26ba85ea4d3b8ade35c3079ba77b
                                                                                                                                    • Opcode Fuzzy Hash: 085495254006ee1cdc3c832bee00d85fc27d841cf049dd36fd5940e5a83abb71
                                                                                                                                    • Instruction Fuzzy Hash: 39419461B1968381EB30AF29A5406BA63A4FF44BD4F440235DF9DD77AAEE3CD601C740
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 722544280-0
                                                                                                                                    • Opcode ID: 09033e8253d7567ad69ad7900199fcbad6492066f6cebe1547fc111332878b23
                                                                                                                                    • Instruction ID: 8b64ede84493231bb2422302a03e2d508522d79969150c7fb4ab0e345190602d
                                                                                                                                    • Opcode Fuzzy Hash: 09033e8253d7567ad69ad7900199fcbad6492066f6cebe1547fc111332878b23
                                                                                                                                    • Instruction Fuzzy Hash: 54417B72B09B03C6EB648B299804A7822A0FB48BD2F140235DF5D47796DF3CF552C708
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3741236498-0
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetCurrentProcess.KERNEL32 ref: 00007FF6B7967BD0
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: OpenProcessToken.ADVAPI32 ref: 00007FF6B7967BE3
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetTokenInformation.ADVAPI32 ref: 00007FF6B7967C08
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetLastError.KERNEL32 ref: 00007FF6B7967C12
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: GetTokenInformation.ADVAPI32 ref: 00007FF6B7967C52
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6B7967C6E
                                                                                                                                      • Part of subcall function 00007FF6B7967BB0: CloseHandle.KERNEL32 ref: 00007FF6B7967C86
                                                                                                                                    • LocalFree.KERNEL32(00000000,00007FF6B7963099), ref: 00007FF6B796864C
                                                                                                                                    • LocalFree.KERNEL32 ref: 00007FF6B7968655
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C1D7
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C20D
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C23A
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C24B
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C25C
                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF6B7975E51,?,?,?,?,00007FF6B797B392,?,?,?,?,00007FF6B79780CB), ref: 00007FF6B797C277
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                    APIs
                                                                                                                                    • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B30910
                                                                                                                                    • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B30921
                                                                                                                                    • PyDict_SetItem.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B3093C
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B35B60
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B307F5,?,?,?,00007FF8B8B307A2,?,?,?,?,?,00007FF8B8B3072D), ref: 00007FF8B8B35B79
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 252187852-0
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                    • API String ID: 2943138195-757766384
                                                                                                                                    APIs
                                                                                                                                    • __except_validate_context_record.LIBVCRUNTIME ref: 00007FF8B98420F2
                                                                                                                                      • Part of subcall function 00007FF8B9843524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FF8B9841222), ref: 00007FF8B9843564
                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9842247
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$__except_validate_context_record
                                                                                                                                    • String ID: $csm$csm
                                                                                                                                    • API String ID: 3000080923-1512788406
                                                                                                                                    • Opcode ID: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                    • Instruction ID: ff2cd8b39c9349787b1315a0ac181eae0f670db50302441141df45ef4ced506d
                                                                                                                                    • Opcode Fuzzy Hash: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                    • Instruction Fuzzy Hash: 9671AF32A0C6D286DB618F299450679BBA1EF05BD9F148136DF8C4BB99CE2CE591CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                    • Opcode ID: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                                                                                    • Instruction ID: 7a5df23cdf46efb61bd753c08f30a7aa0f7910c7482d040cac200081bbf15742
                                                                                                                                    • Opcode Fuzzy Hash: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                                                                                    • Instruction Fuzzy Hash: EA61B232918BC582E7618F19E4403AABBA0FB95BE5F045235EB9D07B55DF7CE194CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101878039.00007FF8B8C11000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101815910.00007FF8B8C10000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101897238.00007FF8B8C13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101914559.00007FF8B8C14000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101931121.00007FF8B8C15000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8c10000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassertmemcpymemmove
                                                                                                                                    • String ID: cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                    • API String ID: 750734614-977067101
                                                                                                                                    • Opcode ID: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                    • Instruction ID: 146ecb830121ec2334b722be76b4f6153ad8ba04162f645ba4d3ae0df8d7278b
                                                                                                                                    • Opcode Fuzzy Hash: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                    • Instruction Fuzzy Hash: 6D5121E6B04B9282EB45DF29A458A6AA760FB54FD4F049632DF8813B45EF3CD593C304
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHeader
                                                                                                                                    • String ID: MOC$RCC$csm$csm
                                                                                                                                    • API String ID: 104395404-1441736206
                                                                                                                                    • Opcode ID: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                                                                                    • Instruction ID: c9b22e030c1df5507a64c53a125d0fcd7afec267641f090de0eee6818202ba9b
                                                                                                                                    • Opcode Fuzzy Hash: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                                                                                    • Instruction Fuzzy Hash: CD51BE32A1978296EAA09F29D14017E2AA0FF557E6F142135DF8D67781DF3CF861C740
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                                                                                                                    • API String ID: 0-2474432645
                                                                                                                                    • Opcode ID: 0056b11cb69f784616b1aa0851a728008ba5e3ea6175bde756f5d4047897cb64
                                                                                                                                    • Instruction ID: 4434b3e8eb0c3698c414eb250b4da950e932ef2081f0203d281a9e3d00aeadf6
                                                                                                                                    • Opcode Fuzzy Hash: 0056b11cb69f784616b1aa0851a728008ba5e3ea6175bde756f5d4047897cb64
                                                                                                                                    • Instruction Fuzzy Hash: F6416D71A0D942CAFB648B3D8454A7C22A1EB45BDAF145235DB0E8A3D6DF3CA842C758
                                                                                                                                    APIs
                                                                                                                                    • PySequence_Size.PYTHON312(00000000,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30A1C
                                                                                                                                    • PySequence_GetItem.PYTHON312(?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30A4F
                                                                                                                                      • Part of subcall function 00007FF8B8B30AE4: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B09
                                                                                                                                      • Part of subcall function 00007FF8B8B30AE4: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B23
                                                                                                                                      • Part of subcall function 00007FF8B8B30AE4: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B38
                                                                                                                                      • Part of subcall function 00007FF8B8B30AE4: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FF8B8B30A6B,?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B30B4F
                                                                                                                                    • PyErr_Format.PYTHON312(?,00000000,00007FF8B8B309A0), ref: 00007FF8B8B35BAB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                                                                                    • String ID: Too many filters - liblzma supports a maximum of %d
                                                                                                                                    • API String ID: 1062705235-2617632755
                                                                                                                                    • Opcode ID: db3603c548f88f2b8fe41d73364c75cc1aa961d7b055e38fcc1c3abcf90d0289
                                                                                                                                    • Instruction ID: d3e9e4d4b57453ed19e9881ac7a5c82905da95da65a2041a537db88bd059fc85
                                                                                                                                    • Opcode Fuzzy Hash: db3603c548f88f2b8fe41d73364c75cc1aa961d7b055e38fcc1c3abcf90d0289
                                                                                                                                    • Instruction Fuzzy Hash: F7314721A89A4285EA649F3AB80413A7690AF45BF5F184331DE7D577E1DF3CE4438308
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_$FormatOccurred
                                                                                                                                    • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                                                                                    • API String ID: 4038069558-4068623215
                                                                                                                                    • Opcode ID: fbfa7170fe5e9719f71238706719fae69002c6f5dea8a56668e78af6628c07f7
                                                                                                                                    • Instruction ID: 1a0e17c018b50a9660eeae6d637f646eb993659298a2f923adedaee681140bf8
                                                                                                                                    • Opcode Fuzzy Hash: fbfa7170fe5e9719f71238706719fae69002c6f5dea8a56668e78af6628c07f7
                                                                                                                                    • Instruction Fuzzy Hash: CF216B21B9CA4781EA609B3CE8413792360BF89BE9F400231EB5E476E6DF3CE4078704
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101072102.00007FF8B8081000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8B8080000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2100995731.00007FF8B8080000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101101057.00007FF8B8085000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101122183.00007FF8B8086000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101142517.00007FF8B8087000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8080000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassertmemcpy
                                                                                                                                    • String ID: @$D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                    • API String ID: 785382960-4190453202
                                                                                                                                    • Opcode ID: 9866ec4c9cf0936fe4a954d78d9ff4afd309cd52094dbb7c2e93bcceac7e3399
                                                                                                                                    • Instruction ID: 0fe2c2b2be520a6c6d25a60a804090f27df5964614b374c139034775f271b522
                                                                                                                                    • Opcode Fuzzy Hash: 9866ec4c9cf0936fe4a954d78d9ff4afd309cd52094dbb7c2e93bcceac7e3399
                                                                                                                                    • Instruction Fuzzy Hash: 7E216B72B0861287EF549F19E05426967A0FB55BD8F186035DF4A06B9ACB3DD883CB08
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                                                                                    • String ID: BZ2Decompressor
                                                                                                                                    • API String ID: 2980520244-1337346095
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102290499.00007FF8B93C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b93c0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_FormatSubtypeType_Unicode_strchr
                                                                                                                                    • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                                                                                                                    • API String ID: 3500358371-1038790478
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Arg_$ArgumentKeywordsUnpack
                                                                                                                                    • String ID: argument 'query'$exec_query$str
                                                                                                                                    • API String ID: 139282824-2846418808
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameName::$Name::operator+
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 826178784-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101878039.00007FF8B8C11000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8c10000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: calloc$free$memcpy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3937003943-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _set_statfp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                    APIs
                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2AF
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2CE
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C2F6
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C307
                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B797B4E7,?,?,00000000,00007FF6B797B782,?,?,?,?,?,00007FF6B797B70E), ref: 00007FF6B797C318
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Dealloc$Module_State
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3434497292-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                    • Opcode ID: 5830a724a110e18c9dc77d9d0afd73a4b7733b8d85f13529bf141d4281ca4b95
                                                                                                                                    • Instruction ID: 268024bb72bea891b6366a77daeab58c16ffd9772dc35961949ee74ee62bd2b9
                                                                                                                                    • Opcode Fuzzy Hash: 5830a724a110e18c9dc77d9d0afd73a4b7733b8d85f13529bf141d4281ca4b95
                                                                                                                                    • Instruction Fuzzy Hash: 8911B710E0D20782F9A8F77D59521B912964F46374F584B34EB3EDA2F3EE6CB8418350
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Module_$FromModuleSpecTypeType_$State
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1138651315-0
                                                                                                                                    • Opcode ID: e00655ab60471ee6b8c7b2f1229d02f59f6c56db88fc7fd98effa3ec4bcfbc03
                                                                                                                                    • Instruction ID: a5f59d4c587bc7ce5d08c7d35b4da572980447cf96fe0ed5842813523ea4b554
                                                                                                                                    • Opcode Fuzzy Hash: e00655ab60471ee6b8c7b2f1229d02f59f6c56db88fc7fd98effa3ec4bcfbc03
                                                                                                                                    • Instruction Fuzzy Hash: 3301B131B09B03C1FB508F2AB984A3A63A1EF09BC2F544530DB5D06B65EF3CE0868708
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Process$ConsoleCurrentShowSleepThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3908687701-0
                                                                                                                                    • Opcode ID: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                                                                                    • Instruction ID: e1c670530e16222d1ccc6fa321749f5704d2e62df78f311d9dffd6de56f2e070
                                                                                                                                    • Opcode Fuzzy Hash: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                                                                                    • Instruction Fuzzy Hash: 19018120F1874382EB58AB29A48483963A0EF48FC4F045275DB4FD267EDE3CE9519750
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: verbose
                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                    • Opcode ID: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                    • Instruction ID: 961764159b175da69427d5a293ca4c7b49f512575b50088fa79059620607de9a
                                                                                                                                    • Opcode Fuzzy Hash: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                    • Instruction Fuzzy Hash: E191BE32A08A4781FB61AF28D85077D37A1AB44B98F484136DB5EC73E6DF3CE8458311
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                    • Opcode ID: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                                                                                    • Instruction ID: e6b5a7adb54c90ba5b81a9383053b2f6210a2442685ad730d6189e1bf86bb659
                                                                                                                                    • Opcode Fuzzy Hash: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                                                                                    • Instruction Fuzzy Hash: 7781CD72E4C28385F765AF2D865127936A0AB11BC8F658039DB0ED72B7CF3DE9018701
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102177622.00007FF8B8F80000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102214833.00007FF8B8F8E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102234228.00007FF8B8F92000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102253914.00007FF8B8F93000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __acrt_iob_func
                                                                                                                                    • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                                                                                                                    • API String ID: 711238415-3357347091
                                                                                                                                    • Opcode ID: 6552e34ed48a1d86d24d61cc91327a7148cd74ac371dd5142d379d2a5e13f031
                                                                                                                                    • Instruction ID: 850e36b283f55f02279c4a148e4a9d7c4a0714a712313a886198abede2248d4b
                                                                                                                                    • Opcode Fuzzy Hash: 6552e34ed48a1d86d24d61cc91327a7148cd74ac371dd5142d379d2a5e13f031
                                                                                                                                    • Instruction Fuzzy Hash: 9E618D36B19212C7E754AE2E9405AAA2791EB85FC6F145039DF0A07797CF3DE8078B84
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F6488B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort
                                                                                                                                    • String ID: $csm$csm
                                                                                                                                    • API String ID: 4206212132-1512788406
                                                                                                                                    • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                                                                    • Instruction ID: 87fe9a88b844edca7a81be8e63df6c04699d6eade4b7b923e10a5d65f9058d4f
                                                                                                                                    • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                                                                    • Instruction Fuzzy Hash: DB71BD32A087C186DB619F2AD09037D7BA0FB42BEAF14A135DB8D47B89CB2CD561C744
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2395640692-1018135373
                                                                                                                                    • Opcode ID: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                                                                                    • Instruction ID: 599d1db9eaa8327d45410cab18917cc2a251ff4fbdd1c45c5962e528b7aa9b47
                                                                                                                                    • Opcode Fuzzy Hash: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                                                                                    • Instruction Fuzzy Hash: 5351B232B196038ADB14EF19D054A7837A5EB45B98F108231EB6D877AADF3DF941C780
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                    • String ID: csm$csm
                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F645DB
                                                                                                                                    • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8B9F645EB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                    • String ID: csm$csm
                                                                                                                                    • API String ID: 4108983575-3733052814
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 444109036-1018135373
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameName::
                                                                                                                                    • String ID: %lf
                                                                                                                                    • API String ID: 1333004437-2891890143
                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryW.KERNEL32(00000000,?,00007FF6B79628EC,FFFFFFFF,00000000,00007FF6B796336A), ref: 00007FF6B7967372
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101193437.00007FF8B8791000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8B8790000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wassertmemcpy
                                                                                                                                    • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                    • API String ID: 785382960-330188172
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF6B796866F), ref: 00007FF6B796226E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                                                                                    • API String ID: 2050909247-3372507544
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F62A8E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abortterminate
                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                    • API String ID: 661698970-2671469338
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF8B9843524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FF8B9841222), ref: 00007FF8B9843564
                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B98412A6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102387193.00007FF8B9840000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102444301.00007FF8B9848000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9840000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abortterminate
                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                    • API String ID: 661698970-2671469338
                                                                                                                                    APIs
                                                                                                                                    • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FF8B8B30C84), ref: 00007FF8B8B31E35
                                                                                                                                    • PyErr_Occurred.PYTHON312(?,?,00000006,00007FF8B8B30C84), ref: 00007FF8B8B31E3E
                                                                                                                                    • PyErr_SetString.PYTHON312(?,?,00000006,00007FF8B8B30C84), ref: 00007FF8B8B35F2D
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                    • String ID: Value too large for uint32_t type
                                                                                                                                    • API String ID: 944333170-1712686559
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                    • String ID: Value too large for lzma_mode type
                                                                                                                                    • API String ID: 944333170-1290617251
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                    • String ID: Value too large for lzma_match_finder type
                                                                                                                                    • API String ID: 944333170-1161044407
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                    APIs
                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B797DE4B), ref: 00007FF6B797DF7C
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B797DE4B), ref: 00007FF6B797E007
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                    • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                    APIs
                                                                                                                                    • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B28295
                                                                                                                                      • Part of subcall function 00007FF8B8B32520: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FF8B8B282AF,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B32557
                                                                                                                                      • Part of subcall function 00007FF8B8B32520: PyList_New.PYTHON312(?,?,?,00007FF8B8B282AF,?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B3256A
                                                                                                                                    • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B282BC
                                                                                                                                    • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B282D5
                                                                                                                                    • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B27F11), ref: 00007FF8B8B28395
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2935988267-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3863519203-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocFreeMem_Thread_free_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2783890233-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeallocFreeMem_Thread_free_lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2783890233-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097917334.00007FF8A8701000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8A8700000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8a8700000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102195487.00007FF8B8F81000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8f80000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102686946.00007FF8BA4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                    • Associated: 00000003.00000002.2102668495.00007FF8BA4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                    • Associated: 00000003.00000002.2102707244.00007FF8BA4F4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                    • Associated: 00000003.00000002.2102762094.00007FF8BA4F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                    • Associated: 00000003.00000002.2102779522.00007FF8BA4F7000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8ba4f0000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentImageNonwritableUnwind
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 451473138-1018135373
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                    • String ID: ?
                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abort$CreateFrameInfo
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2697087660-1018135373
                                                                                                                                    APIs
                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B7979F82
                                                                                                                                      • Part of subcall function 00007FF6B797B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B47A
                                                                                                                                      • Part of subcall function 00007FF6B797B464: GetLastError.KERNEL32(?,?,?,00007FF6B7983F92,?,?,?,00007FF6B7983FCF,?,?,00000000,00007FF6B7984495,?,?,?,00007FF6B79843C7), ref: 00007FF6B797B484
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6B796C165), ref: 00007FF6B7979FA0
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                    • String ID: C:\Users\user\Desktop\7zip.exe
                                                                                                                                    • API String ID: 3580290477-698707265
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                    • String ID: U
                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B7961B4A), ref: 00007FF6B7962070
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: %s: %s$[PYI-%d:ERROR]
                                                                                                                                    • API String ID: 2050909247-3704582800
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name::operator+
                                                                                                                                    • String ID: void$void
                                                                                                                                    • API String ID: 2943138195-3746155364
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                    • String ID: :
                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6B7961B79), ref: 00007FF6B7961E9E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: ERROR$[PYI-%d:%s]
                                                                                                                                    • API String ID: 2050909247-3005936843
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6B79628DA,FFFFFFFF,00000000,00007FF6B796336A), ref: 00007FF6B796218E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                    • String ID: WARNING$[PYI-%d:%s]
                                                                                                                                    • API String ID: 2050909247-3752221249
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHeader$ExceptionRaise
                                                                                                                                    • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                    • API String ID: 3685223789-3176238549
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102387193.00007FF8B9840000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102444301.00007FF8B9848000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9840000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                    • Opcode ID: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                                                                                    • Instruction ID: 17c228804760a4833a2be2217540e875bf6da08c350a7df89683fa9a987ba304
                                                                                                                                    • Opcode Fuzzy Hash: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                                                                                    • Instruction Fuzzy Hash: 3C116D32608B8282EB209F29F440669B7E1FB88B98F184230DF8D47769DF3CD651CB00
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2097765000.00007FF6B7961000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B7960000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2097746781.00007FF6B7960000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097791905.00007FF6B798D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097814626.00007FF6B79A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2097873203.00007FF6B79A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff6b7960000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                    • String ID: :
                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                    • Opcode ID: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                                                                                    • Instruction ID: ab4c5b6923f647a9bb9752bcb0e398dbbb940cf285e391c5f9e0334087861c7a
                                                                                                                                    • Opcode Fuzzy Hash: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                                                                                    • Instruction Fuzzy Hash: DF014F22A1C60386F760BF68E4622BE63A0EF48744F941539D74DC66A7EF3DE544CA14
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F6F45A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: abortterminate
                                                                                                                                    • String ID: csm$f
                                                                                                                                    • API String ID: 661698970-629598281
                                                                                                                                    • Opcode ID: f31257b661c57643b6b4b1793288747ab2a9155158c122d579431834bbccefac
                                                                                                                                    • Instruction ID: 399f4d607298d6fc6c4d2769afbd47a98922be958465cdd830cbf39bf16bed9c
                                                                                                                                    • Opcode Fuzzy Hash: f31257b661c57643b6b4b1793288747ab2a9155158c122d579431834bbccefac
                                                                                                                                    • Instruction Fuzzy Hash: 8DE06532D087D291E7206F65F18013D2AA4AF5ABF6F34A034DB8806B46CE3DD490C745
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2101712911.00007FF8B8B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2101695504.00007FF8B8B20000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B38000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101735613.00007FF8B8B3C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101775918.00007FF8B8B44000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2101795139.00007FF8B8B45000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b8b20000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memcpy$memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1283327689-0
                                                                                                                                    • Opcode ID: 4ff8b3063f4f20cd18eadd87b9a245918cfa6e9493d93cba2f001b4c2c1ee853
                                                                                                                                    • Instruction ID: 62c976de5563f63c1db21b2cbd9bab2c2bc6f439a0dbda44eeea840ad857356b
                                                                                                                                    • Opcode Fuzzy Hash: 4ff8b3063f4f20cd18eadd87b9a245918cfa6e9493d93cba2f001b4c2c1ee853
                                                                                                                                    • Instruction Fuzzy Hash: 05210132B1864983D6149F3AA80456EBBA2FB14BD0F680139DF8E57A85CF3DE442D708
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B9F66CE9,?,?,?,?,00007FF8B9F70582,?,?,?,?,?), ref: 00007FF8B9F66E83
                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF8B9F66CE9,?,?,?,?,00007FF8B9F70582,?,?,?,?,?), ref: 00007FF8B9F66F0C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102515188.00007FF8B9F61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102484459.00007FF8B9F60000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102591668.00007FF8B9F73000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102628318.00007FF8B9F78000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102646941.00007FF8B9F79000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9f60000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                    • Opcode ID: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                    • Instruction ID: 70e77c9397db20f61023ed35a4d3a2617c6c218ea3627156750a466c11a38436
                                                                                                                                    • Opcode Fuzzy Hash: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                    • Instruction Fuzzy Hash: D3113A20F19BC282FA159F6DE8501782691AF49BF6F185634DB6E077E9DE3CB841C610
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B9843325,?,?,?,?,00007FF8B98441CA,?,?,?,?,?), ref: 00007FF8B9843483
                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF8B9843325,?,?,?,?,00007FF8B98441CA,?,?,?,?,?), ref: 00007FF8B984350B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000003.00000002.2102406610.00007FF8B9841000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B9840000, based on PE: true
                                                                                                                                     • Associated: 00000003.00000002.2102387193.00007FF8B9840000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102425958.00007FF8B9845000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102444301.00007FF8B9848000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                     • Associated: 00000003.00000002.2102462143.00007FF8B9849000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff8b9840000_7zip.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                    • Opcode ID: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                    • Instruction ID: 3fa61d7849ee7d166cf62797beda79e9ffa973db17eb8315530512eef5c14fb3
                                                                                                                                    • Opcode Fuzzy Hash: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                    • Instruction Fuzzy Hash: FE114C20F196C783FA159F2EB90017966A1AF49BE0F184636DB2E473E4EE3CE8418740